Decryptor lauff_hig[.]zip | Triage

Resubmissions

03/07/2023, 13:37

230703-qwxkpsaa4v 3

Sharing

Copy URL Twitter E-mail

General

Target

Decryptor lauff_hig.zip
Size

1.2MB
MD5

2444e8dc41c6dc3af24890bfff1a400f
SHA1

f9a35bddd6e043d26b39267404ade748fb49ee75
SHA256

977088b3b13076f409c1afea52cd095cfe9bef074964762092be5d3413b9c386
SHA512

d4b49ca76de37c11657324b2e9f1497d3bd1597a595a009434e2f08d40bfc69a3db39606ae018c00247cbc3af8be58ce8f1b6f4b0411e6b53d29e4283bae1a7e
SSDEEP

24576:crdMzh3UwL56dJFM9ZoT5ChBTNMAcKyo/bwjbxD/ULQEO2TUScX6dlc/DF:80FL56dJFM9ZAAhBuAcKVguLe2IS+6P6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Decryptor lauffhig/Decryptor.exe

Files

Decryptor lauff_hig.zip
.zip
Decryptor lauffhig/Config.enc
Decryptor lauffhig/Decryptor.exe
.exe windows x86

32c5de998b5f069b26c94c8143b13c06

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

kernel32

GetModuleFileNameW

user32

GetWindow

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 784KB - Virtual size: 784KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 755KB - Virtual size: 760KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Decryptor lauffhig/RSAKeys.txt