Software[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Software.rar
Size

21.8MB
MD5

be14a42e5d7906ce73abbd4b1b788ecc
SHA1

7402936608e25acb4bbbc4b98d8539d053424aae
SHA256

32102907e2ce9178e016d2c123d0b2714fe6c1e9f5cb3eb16cb052dd01faade2
SHA512

24ff1a42de985221216a6d5db979b16ceae191ba404e9faca566c9f35c005a9e26e70b9f3e145c65902b8355042049934cf5f79536100f480120ef039b4f416e
SSDEEP

393216:MS0w0OM4/9SZhtiLOndIK6z8L7BXcklrX3WUzYIKbjXv92oymtzuPPAU0+dy:luOd/9SZmLOndIKx7BXJZX3WU8fbzv9n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Software/Boforuz.exe

Files

Software.rar
.rar

Password: 4545
Software/Boforuz.exe
.exe windows:4 windows x86 arch:x86

Password: 4545

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 623KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Software/config.cfg
Software/setup_info.sii
Software/x64.dll