$RL62GAF[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

$RL62GAF.zip
Size

78KB
MD5

657ffdde338a82a22704e061284a384a
SHA1

fc6678ac500e27acc570245a3f10fe9b758e2f70
SHA256

e94efcdbe31f927cc173bf6e4795af30c12c02192d43d5c070b77949a902801f
SHA512

61f89618563c48298ca1b96dd70b0e11ff8c6e00e6079f34c973edc65d90eeedd4d889d81d02a5d074dc25ef191185d2316a192794f9a4118943069cb71cd6d1
SSDEEP

1536:NhW+y7W6QFlk9T5G3Fvihuh3PtsEqR71VADSzSbKpWNQK/gc5BNeAdhS+:Nga6gk9TwKh6V7qRxVADSObKWRTgy1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Pfjsqg/QuarkHub.dll

Files

$RL62GAF.zip
.zip
Pfjsqg/QuarkHub.dll
.dll windows:6 windows x64 arch:x64

3176476b30676374530c93b0ea09cede

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetTempPathW
CreateFileA

Exports

Exports

Kzuhla

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ