Sample(s)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Sample(s).rar
Size

67KB
MD5

bd3ad881799cd48314f751abd06cd359
SHA1

85bc0717c78df69950f6168e5f1f18bb56546ca4
SHA256

7d8fd688d2c37715c0ab4d395b03d2ec4dc179d249914705f7053e62895a3594
SHA512

2c65e7deeb8aae1ffefdcdcf46916b418f1da7b0d0b4bdc32678a26c722ab42d866f44a8dac79b55a9a8cf0e72b3fbf2f015a158f61a08dca4a406d4c53b32c7
SSDEEP

1536:oFoHvjcI5RgtAIjE8Or3S/N5ygPWjKd8V3pctSR+2LcjlhN:oQAQgtAIjfsqWjg8JpRojl3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lib/App_Code/EdgeUpdater/Bin/libUpdate.dll
unpack001/lib/Bin/TaskBuilder.dll

Files

Sample(s).rar
.rar

Password: infected
CIBC_NewLaptopForm.lnk
.lnk
lib/App_Code/EdgeUpdater/App_Code/update.xml
.xml
lib/App_Code/EdgeUpdater/Bin/Session_4827491118.bak
lib/App_Code/EdgeUpdater/Bin/libUpdate.dll
.dll windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib/App_Code/EdgeUpdater/Web.config
.xml
lib/App_Code/EdgeUpdater/none/PrecompiledApp.config
lib/App_Code/UpdateEdge_Daily.lnk
.lnk
lib/App_Code/update.xml
.xml
lib/Bin/TaskBuilder.dll
.dll windows x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib/Web.config
.xml
lib/conf.ini
lib/display.ini
lib/locale.ini
lib/none/PrecompiledApp.config
lib/tm.ini

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 34KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 31KB - Virtual size: 30KB

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 512B - Virtual size: 12B