bloodytb_v1[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bloodytb_v1.rar
Size

1.5MB
MD5

84d8bc927b6c59eaafe3a4324378a717
SHA1

f551292b5e71c17057447d2a54c8175ef089319c
SHA256

488074762c91187249d4c0be512f11104e9d72b06a591da45923242b2391e39c
SHA512

567618598e90c7ab8f19ab4bc31ef60c49248180d7245f90608a04946f77a8c0351264e8ea13d00f86cc1ba85ea64d2e80f6a5492882ae214f6853cdbc627fc8
SSDEEP

24576:0Kb3AwvZ5Avo6ToF1z6+qavhqPzymKwMO6VrpSlfHF7yhjbC9hawLesECmOoghGj:93AbMjO2vAzdKwsEfHQ8VetCUEE7Jh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bloodytb_v1.exe

Files

bloodytb_v1.rar
.rar

Password: ru-board
bloodytb_v1.exe
.exe windows:4 windows x86 arch:x86

Password: ru-board

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 43KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zpgzqhnb
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ldipjxca
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE