BOTIMBETA49_5[.]zip | Triage

Resubmissions

11/03/2024, 14:31

240311-rv1reada9w 3

11/03/2024, 14:26

240311-rr8mvada2t 3

Sharing

General

Target

BOTIMBETA49_5.zip
Size

921KB
MD5

a0998ed2086a88d066620d09ccf19da3
SHA1

b360886eaa58287006d82d80519c9a7fb9b40aa4
SHA256

2d937d18a064faf27e051a4b025bbd09ef43d20cf359268e4175682d32b75f8d
SHA512

8bb00f42d5e4056083a70996f63413bcb3e95a32948275c6959f5e9e3965080e53f054fc3ce52a59cf2729772468fa6515200574602d633eb8b8b6975c99d2b2
SSDEEP

24576:vj+kIxAy+8162zpMDDW05mx2BZsGYzBDV4Emwwa:KkIxAy+c62Ci0mEkGYzZmwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Black Ops TIM.exe

Files

BOTIMBETA49_5.zip
.zip
Black Ops TIM.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\VSProjects\BlackOpsTwitchStandalone\BlackOpsTwitchStandalone\bin\Release\Dotfuscated\BlackOpsTwitchStandalone.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Licence.txt