JO-PARIS2024-Billets[.]iso | Triage

Sharing

General

Target

JO-PARIS2024-Billets.iso
Size

288KB
MD5

de4908a75d2804571f4ea770a688c6f1
SHA1

a0a7892da32e7c76518dc5bdac8bcdd9d80c8830
SHA256

34c45b411c3de8614c85819eb0b887e7c293349de463ecdc20a88c0a71b68d68
SHA512

a85a9bd4deea164d0e06d8422cc662b41be49a4d2bc397a5037c94f07985ad1fe94d7556df26c15494eff1df94d91d2294081e82af141b215153db365640de77
SSDEEP

6144:gTNKUVE/7vZDP4AWmfkT4nhmp4EJ467MhU7x8q1R:gxBElDPNVMohmy67Cc68

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/billets.png

Files

JO-PARIS2024-Billets.iso
.iso
out.iso
.iso
JO-PARIS2024-Billets.lnk
.lnk
billets.png
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
img.jpg
.jpg
rickroll.cmd
.cmd .vbs