Prism Release[.]rar | Triage

Sharing

General

Target

Prism Release.rar
Size

5.0MB
MD5

2457eb120e8fbef34c97cef775362cc9
SHA1

547d2a58c06febe45ba1f0deabdf68b759f40029
SHA256

1f4fbb86e1e513b8bed2fa7a011d094e9f4dbb213e7ae8c34693c6f5343442c3
SHA512

e9e4ac28364ccb457000f9863ac3b8616b75bed9b52e815d90d6fceff6305c823df06548263555d81758af5f6fc5d3cfde2fed64e3c774075abf2801a181a4fb
SSDEEP

98304:ehIWTfpVs6CcFSLDyaWHWbv93eBBTWWXBmxvWryhangOJnTo5Q9i:ehIWTh26Cc4LGQ7mrBGWSaLZTkQ9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Prism Release/Prism Release V1.5.exe

Files

Prism Release.rar
.rar
Prism Release/ByfronHook.dll
Prism Release/Prism Release V1.5.exe
.exe windows:4 windows x86 arch:x86

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Prism Release/assets.dll
Prism Release/bin/autoattach.dll
Prism Release/instructions.txt
Prism Release/license.txt
Prism Release/workspace/Saved Scripts.txt