c0963476b7b8b189a58adb44cd6bf4d1-sample[.]zip

Resubmissions

27/02/2024, 18:32

240227-w6qsssge6x 9

27/02/2024, 17:52

240227-wfrx6sfe46 9

27/02/2024, 17:47

240227-wda7msfg4t 9

Sharing

Copy URL Twitter E-mail

General

Target

c0963476b7b8b189a58adb44cd6bf4d1-sample.zip
Size

6.0MB
MD5

b620d7b5125858caab0eecd720d3e39d
SHA1

22bdffc7deae0771b0ad4720abeb8a9ba26e51e5
SHA256

4b8a121449087ba40538a9f6fcc87df29817d6aa44940023933fa039211cad93
SHA512

6c1f8a89b0f429cc4753cae7064040e0f0366b70668a2716f5ad71d7f93dd838bca6502cba03dbc6035e0f6578630bb6c81eb52472656b6206263587bcbff0e9
SSDEEP

98304:mxN2c2susqx94bxiTxmhUbtrVprS8kcQBkUlws46pA9g0Ug/MYJg4qEPvCeeVSDr:00zsSg2xHb2OCMHUtYJg4qZe7Osz9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/hesaphareketi-01.pdf.exe

Files

c0963476b7b8b189a58adb44cd6bf4d1-sample.zip
.zip

Password: infected
hesaphareketi-01.pdf.z
.zip

Password: infected
hesaphareketi-01.pdf.exe
.exe windows:6 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

DotNetRuntimeDebugHeader

Sections

Size: 198KB - Virtual size: 459KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 571KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1.3MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 41KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 72KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 192B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 707B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.�h�.��
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 198KB - Virtual size: 459KB

Size: 571KB - Virtual size: 1.7MB

Size: 1.3MB - Virtual size: 2.0MB

Size: 41KB - Virtual size: 203KB

Size: 72KB - Virtual size: 123KB

Size: 192B - Virtual size: 348B

Size: 707B - Virtual size: 1KB

Size: 11KB - Virtual size: 39KB

.exports Size: 512B - Virtual size: 4KB

.imports Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.�h�.�� Size: - Virtual size: 5.5MB

.boot Size: 3.8MB - Virtual size: 3.8MB

.reloc Size: 16B - Virtual size: 4KB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.�h�.��
Size: - Virtual size: 5.5MB

.boot
Size: 3.8MB - Virtual size: 3.8MB

.reloc
Size: 16B - Virtual size: 4KB