payload[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payload.7z
Size

221KB
MD5

0f46cc92f05eeefe97c4ca94fb3c4151
SHA1

0e3cd67b14ac7d1bf6f8cc6a58050cbee0426e07
SHA256

118eee99ab04a7f1441c983de49560027e1cd7de83285fcd8a53f9652910802e
SHA512

a16fc6c263f7251bd94fe31c0d15d05bbd05fb9ed3771ccaa1d90fc7ae0d24c8b4e1e303b8b7aa1fee2dd65bad40d635799623e229839378c61175b683623a00
SSDEEP

6144:toPZLzRkrPktJnthCuDG+6Fc4+gymVejNODrpeEz20M:mNmrPkTbUh+gyHNODrpeiVM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/payload.dat

Files

payload.7z
.7z

Password: infected
payload.dat
.dll windows x86

Password: infected

03e0265867ad1e2e0d3ff921e60d4139

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateMutexA
GetLastError
GetSystemTimeAsFileTime

Exports

Exports

kTLS_GetHandshakeTimeout
kTLS_ImportFD
kSSSSL_GetVersion
kSSSSL_VersionCheck
kSS_CmpCertChainWCANames
kSS_FindCertKEAType
kSS_GetClientAuthData
kSS_SetDomesticPolicy
kSS_SetExportPolicy
kSS_SetFrancePolicy
kSL_AuthCertificate
kSL_AuthCertificateComplete
kSL_AuthCertificateHook
kSL_BadCertHook
kSL_CanBypass
kSL_CertDBHandleSet
kSL_CipherPolicyGet
kSL_CipherPolicySet
kSL_CipherPrefGet
kSL_CipherPrefGetDefault
kSL_CipherPrefSet
kSL_CipherPrefSetDefault
kSL_ClearSessionCache
kSL_ConfigMPServerSIDCache
kSL_ConfigSecureServer
kSL_ConfigSecureServerWithCertChain
kSL_ConfigServerCert
kSL_ConfigServerSessionIDCache
kSL_ConfigServerSessionIDCacheWithOpt
kSL_DHEGroupPrefSet
kSL_DataPending
kSL_EnableWeakDHEPrimeGroup
kSL_ExportKeyingMaterial
kSL_ForceHandshake
kSL_ForceHandshakeWithTimeout
kSL_GetChannelInfo
kSL_GetCipherSuiteInfo
kSL_GetClientAuthDataHook
kSL_GetImplementedCiphers
kSL_GetMaxServerCacheLocks
kSL_GetNegotiatedHostInfo
kSL_GetNextProto
kSL_GetNumImplementedCiphers
kSL_GetPreliminaryChannelInfo
kSL_GetSRTPCipher
kSL_GetSessionID
kSL_GetStatistics
kSL_HandshakeCallback
kSL_HandshakeNegotiatedExtension
kSL_ImplementedCiphers
kSL_ImportFD
kSL_InheritMPServerSIDCache
kSL_InvalidateSession
kSL_LocalCertificate
kSL_NumImplementedCiphers
kSL_OptionGet
kSL_OptionGetDefault
kSL_OptionSet
kSL_OptionSetDefault
kSL_PeerCertificate
kSL_PeerCertificateChain
kSL_PeerSignedCertTimestamps
kSL_PeerStapledOCSPResponses
kSL_PreencryptedFileToStream
kSL_PreencryptedStreamToFile
kSL_ReHandshake
kSL_ReHandshakeWithTimeout
kSL_RecommendedCanFalseStart
kSL_ReconfigFD
kSL_ResetHandshake
kSL_RestartHandshakeAfterCertReq
kSL_RestartHandshakeAfterServerCert
kSL_RevealCert
kSL_RevealPinArg
kSL_RevealURL
kSL_SNISocketConfigHook
kSL_SecurityStatus
kSL_SetCanFalseStartCallback
kSL_SetDowngradeCheckVersion
kSL_SetMaxServerCacheLocks
kSL_SetNextProtoCallback
kSL_SetNextProtoNego
kSL_SetPKCS11PinArg
kSL_SetSRTPCiphers
kSL_SetSignedCertTimestamps
kSL_SetSockPeerID
kSL_SetStapledOCSPResponses
kSL_SetTrustAnchors
kSL_SetURL
kSL_ShutdownServerSessionIDCache
kSL_SignatureMaxCount
kSL_SignaturePrefGet
kSL_SignaturePrefSet
kSL_VersionRangeGet
kSL_VersionRangeGetDefault
kSL_VersionRangeGetSupported
kSL_VersionRangeSet
print

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

03e0265867ad1e2e0d3ff921e60d4139

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 112KB - Virtual size: 111KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 112KB - Virtual size: 111KB

.reloc
Size: 9KB - Virtual size: 8KB