Exercice4[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

Exercice4.7z
Size

6KB
MD5

081eb6b996746fb7b13deb8e2b75e938
SHA1

bcb502b7528e7e0198a673d74fca07b0670ff798
SHA256

db385b047dbfff2cb04e65c120ae245f7a4b03630fed8a59c202d8fb282890ca
SHA512

65dc00783e2eb391d537618f5d6456e47a71f2cdd86844e6fd161abcc048f9386bcfcc32ce5c959eaee3d88db1d8ca436b3ce58cd924a353caa9848f58837f57
SSDEEP

192:5SeyJNZio+jc8aWGxHvgQ0vIEJn1PAMYcJ:7uZio+jc8o0vvd1PAsJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Exercice4.dll
unpack001/Exercice4.exe
unpack001/Lab01-01.dll
unpack001/Lab01-01.exe

Files

Exercice4.7z
.7z

Password: infected
Exercice4.dll
.dll windows x86

850a8b8b585d7874d0431e8e45d74606

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateProcessA
CreateMutexA
OpenMutexA
CloseHandle

ws2_32

socket
WSAStartup
inet_addr
connect
send
shutdown
recv
closesocket
WSACleanup
htons

msvcrt

_adjust_fdiv
malloc
_initterm
free
strncmp

Sections

.text
Size: 4KB - Virtual size: 926B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Exercice4.exe
.exe windows x86

2b5f75aa75c57ed7c68f7be490d63605

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA

msvcrt

malloc
exit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_stricmp

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Lab01-01.dll
.dll windows x86

850a8b8b585d7874d0431e8e45d74606

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateProcessA
CreateMutexA
OpenMutexA
CloseHandle

ws2_32

socket
WSAStartup
inet_addr
connect
send
shutdown
recv
closesocket
WSACleanup
htons

msvcrt

_adjust_fdiv
malloc
_initterm
free
strncmp

Sections

.text
Size: 4KB - Virtual size: 926B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lab01-01.exe
.exe windows x86

2b5f75aa75c57ed7c68f7be490d63605

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA

msvcrt

malloc
exit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_stricmp

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 690B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

850a8b8b585d7874d0431e8e45d74606

Headers

File Characteristics

Imports

kernel32

ws2_32

msvcrt

Sections

.text Size: 4KB - Virtual size: 926B

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 4KB - Virtual size: 108B

.reloc Size: 4KB - Virtual size: 516B

2b5f75aa75c57ed7c68f7be490d63605

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 690B

.data Size: 4KB - Virtual size: 252B

850a8b8b585d7874d0431e8e45d74606

Headers

File Characteristics

Imports

kernel32

ws2_32

msvcrt

Sections

.text Size: 4KB - Virtual size: 926B

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 4KB - Virtual size: 108B

.reloc Size: 4KB - Virtual size: 516B

2b5f75aa75c57ed7c68f7be490d63605

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 690B

.data Size: 4KB - Virtual size: 252B

.text
Size: 4KB - Virtual size: 926B

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 4KB - Virtual size: 108B

.reloc
Size: 4KB - Virtual size: 516B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 690B

.data
Size: 4KB - Virtual size: 252B

.text
Size: 4KB - Virtual size: 926B

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 4KB - Virtual size: 108B

.reloc
Size: 4KB - Virtual size: 516B

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 690B

.data
Size: 4KB - Virtual size: 252B