1e281q[.]rar | Triage

General

Target

1e281q.rar
Size

2.8MB
MD5

695e17014aee1695e4e4b08558098bb6
SHA1

b16ae973b723e9c075e98285da5681304c80af6c
SHA256

264b34d8521655d554f9f7e34b130d68a3d13f3d8230b40342c9d84fb95bef48
SHA512

786edad911a28c8d86547782deff8fcbceca0515e1a6e21b5559729f5f5f9b9fb7ea127561022f592e6b8d65513fd28e96227818c43f8f89a2e623fe3e9f6178
SSDEEP

49152:vQodxhkLLLigDDc4Zxio/Tyykr+B4c4UVyZ+XctvlKaCw:v3xhULWODacWNxcdyZ7dkw

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CrypteX Advanced/CrypteX Advanced/CrypteX Advanced.exe
unpack001/CrypteX Advanced/CrypteX Advanced/Mono.Cecil.dll

Files

1e281q.rar
.rar
CrypteX Advanced/CrypteX Advanced/CrypteX Advanced.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 481KB - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 14KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CrypteX Advanced/CrypteX Advanced/Mono.Cecil.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrypteX Advanced/CrypteX Advanced/confkey.snk

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 481KB - Virtual size: 481KB

DATA Size: 5KB - Virtual size: 5KB

BSS Size: - Virtual size: 14KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 27KB - Virtual size: 26KB

.rsrc Size: 146KB - Virtual size: 146KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 263KB - Virtual size: 263KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

CODE
Size: 481KB - Virtual size: 481KB

DATA
Size: 5KB - Virtual size: 5KB

BSS
Size: - Virtual size: 14KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 146KB - Virtual size: 146KB

.text
Size: 263KB - Virtual size: 263KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B