MACROS-RETO-DFIR[.]zip

General

Target

MACROS-RETO-DFIR.zip
Size

106KB
MD5

d1475cd5e8a46d9c1116dfe65d9f5e39
SHA1

c01172b22fab64c6d387af9b61d513af7e8e33a7
SHA256

33180ab9b8611dad2a48eb4dfcf9b0da28ba02381dbbe23fe67551063d77f94a
SHA512

416a8b0544d03fc1ec4c7397be9af746c1a835e76d4b4fff491fdc21a284a7dbf43561f1631f6f0b7d822eb3f37d33764235a108c042e176a47b63455b7f046d
SSDEEP

1536:Tvd/zEPlZjXD4iQG6cKmQvXe6qt5CcPZq3MIJXsIOkDY4HMGVo/n/1I:5CNDrpKbeDt5rZq8IJX3Ok04H/O/W

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iroto.dll
unpack001/iroto1.dll

Files

MACROS-RETO-DFIR.zip
.zip

Password: qm
MACRO-DFIR-RETO.xls
.xls windows office2003
iroto.dll
.dll windows:4 windows x86 arch:x86

Password: qm

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.code
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iroto1.dll
.dll windows:4 windows x86 arch:x86

Password: qm

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.code
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: qm

Password: qm

Headers

File Characteristics

Sections

.code Size: 344KB - Virtual size: 344KB

.edata Size: 512B - Virtual size: 176B

.data Size: 1024B - Virtual size: 4KB

.data Size: 3KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 8KB

.rdata Size: 68KB - Virtual size: 68KB

.bss Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 896B

Password: qm

Headers

File Characteristics

Sections

.code Size: 344KB - Virtual size: 344KB

.edata Size: 512B - Virtual size: 176B

.data Size: 1024B - Virtual size: 4KB

.data Size: 3KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 8KB

.rdata Size: 68KB - Virtual size: 68KB

.bss Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 896B

.code
Size: 344KB - Virtual size: 344KB

.edata
Size: 512B - Virtual size: 176B

.data
Size: 1024B - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 8KB

.rdata
Size: 68KB - Virtual size: 68KB

.bss
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 896B

.code
Size: 344KB - Virtual size: 344KB

.edata
Size: 512B - Virtual size: 176B

.data
Size: 1024B - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 8KB

.rdata
Size: 68KB - Virtual size: 68KB

.bss
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 896B