24169ac1ade879bc4ab514c03e4133931a0458c5[.]rl[.]zip | Triage

Resubmissions

04/08/2023, 20:48

230804-zlrfdaff2x 10

04/08/2023, 20:41

230804-zgrkksec66 10

04/08/2023, 17:49

230804-wd2dtsee7y 10

Sharing

Copy URL Twitter E-mail

General

Target

24169ac1ade879bc4ab514c03e4133931a0458c5.rl.zip
Size

1.3MB
MD5

c29a9e3e9d8391837be69f2298f7482c
SHA1

3f9a43e809cb723a6b4eba0dbdb94e1e3262496e
SHA256

2730ead61b5325aeee02a273c8b82be166377f665d06a06b95ecf5a2a496cc9a
SHA512

4da980b03704fc712ccf87f0cee52f86c1af2108a7d1de0f00202f82688dccc4ffd4d2fc267109cf7dc362a24671d5cfe0984ca5a942b2326798512c4cdc7f5c
SSDEEP

24576:F8JrmJ0GknLKHvm4DCE1vtUzPXkw0KY6BoNGiTSNwftRAOm0Iw:F8Jrm0Gknh4dtUzPx/oNGOSNwftSOm0P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/24169ac1ade879bc4ab514c03e4133931a0458c5.rl

Files

24169ac1ade879bc4ab514c03e4133931a0458c5.rl.zip
.zip

Password: infected12
24169ac1ade879bc4ab514c03e4133931a0458c5.rl
.dll windows x86

Password: infected12

2e5708ae5fed0403e8117c645fb23e5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
CreateProcessA

msvcrt

free
_initterm
malloc
_adjust_fdiv
sprintf

Exports

Exports

PlayGame

Sections

.text
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ