QorIce[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

QorIce.zip
Size

879KB
MD5

9f6f205a2c0acb046e4cf763ce8bfc84
SHA1

89f2efd4ac5cced1cf0044e6479986e484b72c63
SHA256

389837806491cfc5d5268d48e64e87ca9b5856871bd03f6005a883449f46bbad
SHA512

07fd9df1f40007d53f7e7441059953fade0d11a0b836df7441008cd22e9b8d4640a44d230513a5b1522e2596dca92af9803b331b06276d92b88d4c289510ddc0
SSDEEP

12288:tCZs6eDvH4/78HX62/Kknwe2GYwzxIEomyYqGOowv7WmnLUu9BCS41SjYnyL8sc1:UKv4z8Bzwj/fmjOHjWIoMCS08guccG

Score

N/A

Malware Config

Signatures

Files

QorIce.zip
.zip

Password: infected
REJ_4043.iso
.iso
REJ.lnk
.lnk
oslo/alleviates.dat
.dll windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
oslo/nicks.txt
oslo/pended.cmd
.cmd .vbs
oslo/train.png
.png