datas and performances[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

datas and performances.rar
Size

364KB
MD5

55840023817235bc9d6e94eb840a6277
SHA1

cb151f37bcce312319d14764d264865f6da162aa
SHA256

99a8953f9b580032163b5636f9736c3727f25c7016214fa2971f6c67e80597c7
SHA512

4a4b4b289c30f77c472c49c72f01933d0949363e5cd48be3b47e42307040ad1b30bb4154ac162f962a8dc4abc71850aad1a5d4c55da1976e59db17288a4ef0e1
SSDEEP

6144:pFfxDVyaPzdDmVrxb1mOaNep/Bu/yHt/SfFM3rZ5nltVSVDyLTgfGLY:p7IaPz1+rxb1VVBBHYFM3r/kIT50

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/datas and performances.exe

Files

datas and performances.rar
.rar

Password: infected
datas and performances.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ