EXPENSIVE LOADER[.]bin[.]zip | Triage

Resubmissions

24-09-2023 08:26

230924-kcbw1aeg88 10

22-08-2023 14:37

230822-rzc6xacg63 10

Sharing

General

Target

EXPENSIVE LOADER.bin.zip
Size

1.2MB
MD5

96d0eff4d80dd6843d410f4f4f5e4c81
SHA1

b273d5d1fc95d304a3a31b60c7f0798300ed3e3e
SHA256

d3e832fc80acdc65b025a2f2ddf27f9b6ee273434a9f57df9a5afe977dfdcac3
SHA512

494459f61db0c1235b4e1eb25597371816814c331559f6de7d32c08cc3e1cfed2d19d599d2a2e20810b65b3c199cc8135f286cc5b64ed911dce3637e08fdc152
SSDEEP

24576:CgkZdN5CI6nBbM7LEMkMWh3q3V4yRi8wu6svT2STPjJx4vpv4:C1v6nBbM7rkvSRxVvTpXzz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/EXPENSIVE LOADER.bin

Files

EXPENSIVE LOADER.bin.zip
.zip

Password: infected
EXPENSIVE LOADER.bin
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 110KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 202KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

da2a
Size: 951KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE