Blender launcher exe Trojan Wacatac File Malware Analysis: b30426962317e1dafc12c1e73cc80587

Blender-launcher.exe Trojan Wacatac Analysis

Updated 12 minutes ago

Checked by Malware Check

blender-launcher.exe

Hash Type	Value	Action
MD5	b30426962317e1dafc12c1e73cc80587
SHA1	46de8ceb9341d60b4caf4e17d36d229234a400b8
SHA256	8cbbed053df9c57e55f1afe08b5a5e8bb485d375ddd354c86efeda8febd6fe58
SHA512	ce9523a7fe32b809f48c51cbe627ad0c092f9679eed624d3179865e3baf5b038b52943796c4d2729896ec032abbae9b07e199137112757a2db76a78fc69ed09a
ImpHash	7c39516cedf321d86e4d55828659b0a2

Hash Type

Value

Action

MD5

b30426962317e1dafc12c1e73cc80587

SHA1

46de8ceb9341d60b4caf4e17d36d229234a400b8

SHA256

8cbbed053df9c57e55f1afe08b5a5e8bb485d375ddd354c86efeda8febd6fe58

SHA512

ce9523a7fe32b809f48c51cbe627ad0c092f9679eed624d3179865e3baf5b038b52943796c4d2729896ec032abbae9b07e199137112757a2db76a78fc69ed09a

ImpHash

7c39516cedf321d86e4d55828659b0a2

PE Analysis

Basic Information

▼

Icon	Hash: aa97b84a1ece6a097cc94b5b01be48dc Fuzzy: 6a26bb371e85c6bfaef96865f0eea187 dHash: 9060e4d090d2e164
Image Base	`0x140000000`
Entry Point	`0x140f93b3c`
Compilation Time	2023-11-15 08:43:43
Checksum	0x0010b185 (Actual: 0x0036bc7b)
OS Version	6.0
PEiD Signatures	`PE32+ executable (GUI) x86-64, for MS Windows`
Digital Signature	No valid SignedData structure was found.
Imports	16 libraries
Exports	0 functions
Resources	116 Resources
Sections	9 Sections

Version Information

▼

FileVersion	4.0
ProductVersion	4.0
CompanyName	Blender Foundation
FileDescription	Blender
LegalCopyright	GPLv3 (Blender Foundation)
OriginalFilename	blender.exe
ProductName	Blender
Translation	0x0409 0x0000

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
	`0x00001000`	8,192 bytes	3,584 bytes	7.76 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`67831AEEF62E5854AA7C15E3971B2487`
	`0x00003000`	8,192 bytes	1,024 bytes	6.50 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`131CBF1A3574B8D8AF2BD087F6E3B9DE`
	`0x00005000`	4,096 bytes	512 bytes	0.80 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`916282AB3D3B4E43B1CEBC564178AAFD`
	`0x00006000`	4,096 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
	`0x00007000`	1,056,768 bytes	25,600 bytes	7.98 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`DF54706A199766111CDDA6A2FFAC8BAB`
	`0x00109000`	4,096 bytes	512 bytes	0.98 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`77B79635E92B1EB255998D93287B74B5`
`.rsrc`	`0x0010a000`	315,392 bytes	313,344 bytes	3.42 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`B94F45F1205995F3DF8D2FE861CD02BC`
	`0x00157000`	12,009,472 bytes	279,552 bytes	8.00 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`6E470A40960C703F0956D7C4B0233E47`
	`0x00ccb000`	2,932,736 bytes	2,930,688 bytes	7.97 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`242F56E7CFF619C01CA3B943FA124793`

Entropy Analysis Alert

4 section(s) with high entropy (≥7.5) detected - possible packing/encryption

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 116 (1,048,386 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	72	740,448 bytes	70.6%
RT_ICON	16	304,108 bytes	29%
RT_GROUP_CURSOR	24	1,152 bytes	0.1%
RT_GROUP_ICON	2	236 bytes	0%
RT_VERSION	1	636 bytes	0.1%
RT_MANIFEST	1	1,806 bytes	0.2%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	blender-launcher.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version	1.0.219.174
Database Version	2025-06-27 08:00:22 UTC

Blender-launcher.exe Trojan Wacatac Analysis

Technical Analysis

Ransom.Win64.Wacatac.cld

Scan Another File

File Identification