ACTIVADOR[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ACTIVADOR.rar
Size

181KB
MD5

f1833e1a1d4f2f212e24b12674f71907
SHA1

f47a2026f7e941be22fc00ace3d3d546064b0474
SHA256

5f11c7c092e8ed9c5422d596b14d267bac54848f23e05a6fb07bd89dd16a9d70
SHA512

6b3653f7a6b87657b334f8bf8c8a380cf304dcffda6c9adb0eb98df140c80a3f0a43204ccf932b6a64866150be2fd716401f23e3e9e52ae330ec1b4af41cf848
SSDEEP

3072:5SZ9W8fGpZXBUSNuzwmGJW3XHUiQzmeRAxNdQItY6wCuEKRWsC33/QvH:5s9HGpNjN8uWHTKArdQsY6wCHKRSHovH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Activator.exe

Files

ACTIVADOR.rar
.rar
Activator.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Block Rhino (rules in hosts and stock firewall).cmd
.cmd .vbs