Rensenware[.]bin[.]zip | Triage

Sharing

General

Target

Rensenware.bin.zip
Size

83KB
MD5

706fdf21c9e8763c5c03855889c85c0e
SHA1

271aa7743f575d9b40d0a2389777d4a5dfde98cd
SHA256

ef14acc23fcd6e4cc5c2897efdc8b690cff5482e0acba191ae33f93545c7e45c
SHA512

220273bc154265aa1495b913805b5d30803e8d8a03c5fa5f3757e3c34551bb98f7d1dacb0693cbc197e521076abd877d2199ac95e0b0f370b125dba4f3f45669
SSDEEP

1536:H2T2nnl2LbILGeL6DqfBvjt+fdFHZPsR4XBRicGYlGVCkV2y:HrlCbILqDq81FhsR4RkVrL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rensenware.bin

Files

Rensenware.bin.zip
.zip

Password: infected
Rensenware.bin
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\mkang\Documents\Visual Studio 2017\Projects\renseiWare\rensenWare\obj\Release\rensenWare.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ