Shell[.]7z | Triage

Sharing

General

Target

Shell.7z
Size

1.6MB
MD5

3d6f27af465677a62e2f72aee7e2c0f6
SHA1

234cb4f1333a53129ce8d58f4f37aefbf1f6d6df
SHA256

656399e157ed4116fd056b5e4889c25773d62c4862ccdf9646a3c27884d01576
SHA512

8338e2930f3e52fb8996b9ed7c30b27a665c2fb57c973da87effdb711724c3ab5b40f4ee60a849c1910d2fe1cd05b69327db0814aff7399e3a3546dc0751e169
SSDEEP

24576:YJeRO3VZAScexWdmv+eOel2gfc67JO7DaMwVYEyHyIa7x2qtfJrPPcArPiCVw7P6:YbKSadKAcE46q1yHyISPPcGVw7P6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Shell.exe

Files

Shell.7z
.7z .ps1 polyglot

Password: virus
Shell.exe
.exe windows:4 windows x86 arch:x86

Password: virus

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ