Release[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Release.rar
Size

3.4MB
MD5

1ed5a87b9c06058b3b58b9a0eae9772a
SHA1

d7dcef2b8e9a350f5839f70b060ce6eedf8ea4bd
SHA256

15d822de49c0d6ac346be9db58ed5525e5c356f8e3db416e8d9f59a663046852
SHA512

84191cc775f83e621a0052ae17edbdb24268a230019ab33baff789218b1f9ae1700d0a52667aa0e4108df9a7ec363e63721820c97816844791daa5432c70fa08
SSDEEP

49152:0X69RJCFsn8kBx65CPfBs0kGotNkGtjF58p1xT9a0E7jByaCYDWCk32nvjnMgo:FvMW8M68ffkGKRDs1xe7DCYp0mvbMgo

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Velocity Perm.exe
unpack002/comet.exe
unpack001/comet.exe

Files

Release.rar
.rar
Logs/ErrorLogs.txt
System.Diagnostics.DiagnosticSource.xml
.xml
System.Security.Principal.Windows.xml
Velocity Perm.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\adona\Downloads\pulse\pulse\pulse\obj\Release\comet.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Vmax Perm.rar
.rar
Logs/ErrorLogs.txt
System.Diagnostics.DiagnosticSource.xml
.xml
System.Security.Principal.Windows.xml
comet.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\adona\Downloads\pulse\pulse\pulse\obj\Release\comet.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comet.exe.config
comet.pdb
pulse.mystizal
comet.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\adona\Downloads\pulse\pulse\pulse\obj\Release\comet.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
comet.exe.config
comet.pdb
velocity.vixl

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B