MADARA[.]7z | Triage

General

Target

MADARA.7z
Size

144KB
MD5

f37b55f51f5afa9c7ec5c846cda637cd
SHA1

32f4f168928254350df0136dd71a3b0baa114bfc
SHA256

e1648229393090852bbe9fc29f5998e5532213c32ff69002cf589b4e96747637
SHA512

2ed48873793ffee1d441e256b441597d125b1c018e984c2bfa6a015630352c122a4701b7e71552101c3f2be2155093b93fb50e95e62dd011ecddeb2a09347e51
SSDEEP

3072:QtqxqwNZ3XDJDslnCRXrJ4eDpkTnOoI35vQiQ6QJdUEGrmK1GuZj5u:QtqkwNJTJD/D7c+YV6qUR4uZo

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x64/Startup.exe
unpack001/x86/Startup.exe

Files

MADARA.7z
.7z
x64/Startup.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

}}|x2Gj
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x86/Startup.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

Ys@;#$
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NUL
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

}}|x2Gj Size: 46KB - Virtual size: 45KB

.text Size: 135KB - Virtual size: 134KB

.rsrc Size: 6KB - Virtual size: 6KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

Ys@;#$ Size: 46KB - Virtual size: 45KB

.text Size: 135KB - Virtual size: 134KB

.rsrc Size: 6KB - Virtual size: 6KB

NUL Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 12B

}}|x2Gj
Size: 46KB - Virtual size: 45KB

.text
Size: 135KB - Virtual size: 134KB

.rsrc
Size: 6KB - Virtual size: 6KB

Ys@;#$
Size: 46KB - Virtual size: 45KB

.text
Size: 135KB - Virtual size: 134KB

.rsrc
Size: 6KB - Virtual size: 6KB

NUL
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 12B