patch-pass-123[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

patch-pass-123.rar
Size

5.5MB
MD5

d5aa69220f3047639c39c0cdf65bbb83
SHA1

5026b8e012cf3e00fdb95e54f01579f09201f4a9
SHA256

e85670534d8f4099a91ab215ab87405d2d2e0939e8f71ab60d9e92009c314c09
SHA512

27c29da7253b4a3e225460a087d06ce8057338dca380e57f38672392144f9fe85bf99dc0a37c06ca77e57b854338e202d1e69e87850f2a7fac3d16d8dd32cc61
SSDEEP

98304:AevncyQwS8uVd4t7SqfyIN8BG8ZIcB06sb8KWD5yUxVKrzEe58SqmyWPSQVSLoi9:AGnDQNAB8s8JUteMvX5VmXcY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bloody.7.v2021.1007-patch.exe

Files

patch-pass-123.rar
.rar

Password: 123
bloody.7.v2021.1007-patch.exe
.exe windows:5 windows x86 arch:x86

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 321B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 46B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 35B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 602KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 56B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

bidasci
Size: - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
bloody.7.v2021.1007-patch.exe.sig