winchancho_combined[.]exe | Triage

Sharing

General

Target

winchancho_combined.exe
Size

4.9MB
MD5

879a44649956c2c14557d1362436ebf4
SHA1

9f7a58ae7fc3d12c3eef167a89a1f80826273a68
SHA256

2ad01fbc49901f3f3430ec2bc184b42cd454c779e49e6b7fe52d1687df69563a
SHA512

57dd8761f5ef53475d23a94026c2b6c48ce1891c9d9d6fba74469d1237796910292e9676825b7525ae9d918c2063ef681f8bad50d0162dab8a3f3148f95cb8a8
SSDEEP

98304:xHFEFEVDxuqqITjatL2QU35zZpnKFEF3FD:xlc0NapG3FCc1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
winchancho_combined.exe

Files

winchancho_combined.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Users\Silly\OneDrive\Escritorio\winchancho\winchancho_combined.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ