a[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a.rar
Size

502KB
MD5

a05ef342a2d0059a6ef895a18d43922c
SHA1

33a39eeca56527c84b111f0853b8dc492560984d
SHA256

7db2e678b430e2463b22e004c205b15b645c22ce8b6e05a60a8e1f3a20e5f263
SHA512

7a2746d47ca885860b93472a10bae727884b822339735056930b002c60e3069787df20d109f47063730ddeb4c949cbce2c86c88d120936e5834134ac74dbb475
SSDEEP

12288:Hdt7x43JGRqdgZi4+3qVmdMGhfOTwHxL8Rvo4fSEbYk:HRsgSgZi53F4GJ8vfLb1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ResHacker.exe

Files

a.rar
.rar

Password: infected
Quicktime.ico
ResHacker.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 683KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
clean.bat
cmd.c
cmd.h
current.bat
darkness.dev
darkness_private.h
darkness_private.rc
decrypt.c
device.c
device.h
dns.c
dns.h
extract.h
flood.c
flood.h
hex.c
http.c
http.h
infect.c
infect.h
irc.c
irc.h
main.c
mylib.c
mylib.h
myspace.c
myspace.h
riddle.c
rsrc.rc
server.c
server.h