BAD[.]7z | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

BAD.7z
Size

27.2MB
MD5

8d6d04e12031c1ad6bebe329fe41ee22
SHA1

c55fa6e2708fefa6c80d9e16f7fd0b080f403036
SHA256

8828612a4f2bb1267ea1cd19d556a94af0d6cd853d609bba9eb9cb6746b94a49
SHA512

3127e7dbb8503e1df4b8bcb217c42462a67d14fef9e59eb22f7d2ee42a69147933337cb7cc18a4aae81a3edb1225deec51c011fa4ac0096e425e7c0d2cbf9790
SSDEEP

786432:+dVEVotYH4uVEcQoideQXRvd7j8aNQZXXTaGnRc5S2bvdcX:+oVotYYJbdXlt8A6zxc5fv2X

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BAD/Saved Files/ebursto.exe
unpack001/BAD/Saved Files2/heronnr.exe

Files

BAD.7z
.7z

Password: infected
BAD/Saved Files/ebursto.exe
.exe windows x64

2155e696cf203c2b705a50dfecfbc54e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CreateRemoteThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAllocEx
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteProcessMemory

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Sections

.text
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BAD/Saved Files2/heronnr.exe
.exe windows x64

b5a261a95d907cf69b1b6f79b384cba3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CloseHandle
CreateFileMappingW
CreateFileW
CreateRemoteThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
MapViewOfFile
OutputDebugStringA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteProcessMemory

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
_wcsnicmp
abort
calloc
exit
fprintf
free
fwrite
malloc
mbstowcs_s
memcmp
memcpy
signal
strchr
strcmp
strlen
strncmp
vfprintf

Sections

.text
Size: 17.9MB - Virtual size: 17.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

2155e696cf203c2b705a50dfecfbc54e

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 17.9MB - Virtual size: 17.9MB

.data Size: 512B - Virtual size: 240B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 660B

.xdata Size: 1024B - Virtual size: 536B

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

b5a261a95d907cf69b1b6f79b384cba3

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 17.9MB - Virtual size: 17.9MB

.data Size: 512B - Virtual size: 240B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 792B

.xdata Size: 1024B - Virtual size: 752B

.bss Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.text
Size: 17.9MB - Virtual size: 17.9MB

.data
Size: 512B - Virtual size: 240B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 660B

.xdata
Size: 1024B - Virtual size: 536B

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.text
Size: 17.9MB - Virtual size: 17.9MB

.data
Size: 512B - Virtual size: 240B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 792B

.xdata
Size: 1024B - Virtual size: 752B

.bss
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B