Static task
static1
General
-
Target
upload.zip
-
Size
14KB
-
MD5
1486ac8b28e9cfed01e0cfbe4acc3c21
-
SHA1
d45f54ff9a25b7675a17cd706dc088b3b3752680
-
SHA256
8885043f1784826c2761ee5117a5b71cd36a41306d274b2d02429ab7e6091238
-
SHA512
2684f2122e23f646dbeba9472f55992562aa48dab2fb3a3128bdf5e3ddcd870225754593cc5ced9cbce42f6855aa8bbf4652573df1c73bc200b458f6f85855b0
-
SSDEEP
384:16qluAoGxlrDr90EFwT81DGdla1JU9nRMRT:1269rVgTdk49R+T
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/RTLOFModifier.dll
Files
-
upload.zip.zip
Password: elastic
-
RTLOFModifier.dll.dll windows x86
Password: elastic
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ