buRJvM3Rnc[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

buRJvM3Rnc.zip
Size

7.9MB
MD5

467baf0c7db6d42de28a91195ac38ed6
SHA1

2cc9b3926078a111e0d421288cd73cd6c51d308b
SHA256

eb79fed75264d0dda6c0da379a8b3b5f3ad097fa425e0f084004e3101c0dd992
SHA512

bcc01ba9038a06e9fe767b690b27e2337e4f69c3e95adfc91e5dfc1db54a44413e80a6217739730aa35b7a3b783edddbeee74ca45934bf8be00366cf660e837a
SSDEEP

196608:HptXDIANwnf71MomdtwKVmILxZMLRXqroHGFBJmc5CJUAQIdNGwG9w1wxaeSQ:HzD+f71Mom3zcGPMwrXFjmc2Qr9wqxas

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/buRJvM3Rnc.exe

Files

buRJvM3Rnc.zip
.zip
buRJvM3Rnc.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 257KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 10.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gfgvxluv
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xwwuoaze
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE