NursultanLoader[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NursultanLoader.rar
Size

206KB
MD5

3d8169d8ab98d312993718041703b609
SHA1

2743a78f774ce96c9b540e874be7efb23337b7f5
SHA256

4ac4e685d2187ac67f5ed67eea0b7d2b0a31d137c35a6c85861643e16e368b7f
SHA512

d38ccda1ed9e24cdf3e8ce66e3ff5261bba7ecccf491f41cdc109bbb7e1a2268690616b3c0561836c084a59693d0118857cd56ba72899c578ed3c32e58d02f41
SSDEEP

6144:8jbNkGnSP/56nE3kPeKtwlUELbs9RpPNY5H2x48:ExkGm/YnE3kPvwXbsrpPY2e8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/NursultanLoader.exe

Files

NursultanLoader.rar
.rar

Password: 123
NursultanLoader.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ