nitroheck[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nitroheck.zip
Size

1.5MB
MD5

31b93a071269edc41f30c5e154211375
SHA1

6fe56e3b9c965ea689a63139bf7c4b5d44c3341d
SHA256

87ed1ec85606e7c2c7719748b02d1cfa4d1085b16cbc425cc39d66f758cc69af
SHA512

ad08c9317d7738e04497d2659af9e055e0cc787f91123f368b8e7420dafef50057f1b85c0058fa73e3b1a2e46339f801d56fac71eeeff77c8aaf2d6a69cfe27e
SSDEEP

24576:IlOC8KFxoVW3U9FWKsVPRae4IRtkhT/+fEJZJScH+CikaoBdI41Es9PaJdnAa26n:IsCMZ9FhsVPFf0rvvJScH+CTaKdf1EEA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/nitroheck.exe

Files

nitroheck.zip
.zip

Password: 123
nitroheck.exe
.exe windows:4 windows x86 arch:x86

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 35KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.1MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hk6g6W8
Size: 297KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pass - 123.txt