payload[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payload.7z
Size

446KB
MD5

283429abecad1f226b5f52872e1737cc
SHA1

68c37d2582149c2aa2b047fdafdd181a6b9b59a4
SHA256

2e2f209e83993c1902094d2451b721e2e872bc8735d404211510a3c5786c7888
SHA512

c1488c38cabe6e8f8806755c4495c47ad046b2cdeefaebc8e7b1a9315790783b4affac0a5fb48db8b8cdbcb92f0e22d975d7a39fe3fdc3c79ffd6b6831c6cb54
SSDEEP

12288:8toRl62sANNuHfshb3hidpH7Q2/oT5fh1IDuBg0rObgtiVnR:+90+H7Q2Y320r0pVnR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/payload.dll

Files

payload.7z
.7z

Password: infected
loader.ps1
.ps1
payload.dll
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ