Setup_4321_Passwrd[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup_4321_Passwrd.rar
Size

10.3MB
MD5

d01b38183971fe40d4728e3f4fee46cd
SHA1

47e2e2b0aeb3c850a77a1a7cb7eb3e5b05758df6
SHA256

0501868271f822fb06256e61a20b7315f25061aa819cb8b0065624ee99e0be90
SHA512

98304ce032c773e6017b58c10d27fc2eb74022baac4004ac691a64a7afc7bfa03934468b55f65c6d6633e77acf87d9f094e96bdc56f8b2a87cf510c06ea2b391
SSDEEP

196608:kvJyXk24UGjfm/c7aJ2rnze5KoLngWBkHxfa6iMZri1c+OWbM/6ujP:XrMeE7I2rO1TgJRC6iMhi1FOWY/6ujP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup.exe

Files

Setup_4321_Passwrd.rar
.rar

Password: 4321
Mod/File.Detail.rtf
.rtf
setup.exe
.exe windows:6 windows x86

Password: 4321

9b6f3f808f78d81fe0f909afd50d547c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

msvcrt

memset

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

[0]
Size: 722.5MB - Virtual size: 722.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Pk~
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MH:
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.?[8
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ