Evidence[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Evidence.7z
Size

527KB
MD5

b3e6f6ae43557f7c6fe76491eb0f9d03
SHA1

7a0226c727d8e3d68c9e8559c62ef127fae3c139
SHA256

f7ae2fb5687496d8cb0e36967968f7873ea7548a7b16fbef156e9e641298635c
SHA512

86b54d20c94fc34331d35270d283a96f2345a5d4b852bed6caa85c9c67d5a5aeb0f0d8720fa447a750a75cb3de883cc54e34e70fa14f1b96714fe1b267f98811
SSDEEP

12288:appO1cs6FzQXdNLVgGBmLufNOf+ZzDC1TRWBYt06RvoiQ9K9IOD2LMn:agc/01VggfNeoDC1TRgX8AD9afn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/comprovativo.exe

Files

Evidence.7z
.7z

Password: infected
comprovativo.rar
.rar

Password: infected
comprovativo.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ