payload[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

payload.7z
Size

1.5MB
MD5

cbdd2075ef42432f31788af7a6c425a7
SHA1

f10e7045c3a6729384f593f3c85dab3ac0905b96
SHA256

5c4dbae752c64c12685d2255f0b5c2c183fb85e186bed7aea57b78bf58966fa8
SHA512

673e744ad9546247446a1edf7e59150ad324cb1e983a7d89bac2e0e1d0a559debbfb025a2861a3cf8bdb1fcb15913609e7e4373cd9b9852f6be1cfdb13e95c94
SSDEEP

49152:H9gnY0X5SWJg8rh38R5r6lQRI1lKIgKNb0CX8:unYM5gJmj1l3gKp0CX8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/payload.bin

Files

payload.7z
.7z

Password: infected
payload.bin
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ