16850805246[.]zip | Triage

Sharing

General

Target

16850805246.zip
Size

174KB
MD5

1a7c94dc9a224b817b2f3863bbae65ba
SHA1

94e18ff42782f5d6c317447077273e6de9dce883
SHA256

4dd4d415e936f81a44e8f80064c79df1305c5fd109a1aa0f6d55e546960535c5
SHA512

27c93c2b021ef27e181c6853793b3ee18dca27c993af8a3bd90db2aca39c8816afb25aa0db146ac10b0c8222e14175cdab7a458d14510fc4bd016ee52804f160
SSDEEP

3072:4zQO7z2LKku2UmBwmSaCZjBpzdRgs1o6B0Aehslei/HtDPPGOhMXSjVwsSYKDgN:4zQUjkwmSTX3N7Dei/pPPTp3tN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack003/billets.png

Files

16850805246.zip
.zip

Password: infected
34c45b411c3de8614c85819eb0b887e7c293349de463ecdc20a88c0a71b68d68
.iso
out.iso
.iso
JO-PARIS2024-Billets.lnk
.lnk
billets.png
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
img.jpg
.jpg
rickroll.cmd
.cmd .vbs