VTRL[.]exe | Triage

Sharing

General

Target

VTRL.exe
Size

5.5MB
MD5

ce30bc18638aa4cc62e39989c24727b6
SHA1

118527d0bd5ff33fc0e6cbdf728b6607dd0d6f68
SHA256

6a57f62fc52d3db1a5a2a3ba4eb4bfaf76ce7b7e589b0f15d924700adade078a
SHA512

8a430eb9a8272e6a311c73f119ffd129993e1171920c987af43804e8c63028f5c69a8efc95618ee7639d0be2dcdd9796cf178fa6e59970443f7477dc051e3df5
SSDEEP

49152:xPKuSAUsUZSjd7qlfr+cyTSxgRKUOt/JrqnDOIEanGBTSFLo+nGbeHme+APyTcne:JKjITTSREzAso+aYyOw8HZ04X8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

VTRL.exe

Files

VTRL.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ