240612-f7y8kasarl_pw_infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240612-f7y8kasarl_pw_infected.zip
Size

20.1MB
MD5

cc828c7386db34fcf17bfd2cb8fa6882
SHA1

0c33dd15da729f0c6fa3f79c2d0368aaf1fde2a4
SHA256

5331ebfab32694ab3801e36bd575c0b7adfea2461d8ffbc664d7ef7ccadccc45
SHA512

8e9910e4481f9e1653e447a957daf9a42bb9b048abb6bc4cf2262ab8026a05b7fbf295b64b06c94272b4f9e519f33cba03089d6b61100ba39f9db0c7c8a33d72
SSDEEP

393216:w5mPkDknstRHrvALBd/okAhF/mxXtvWxvcMSScNylH4I20jAeccl:qyUpXHrI3zG/SOB+yh4I20jlcM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Nexus Release/Nexus Release V1.7.exe

Files

240612-f7y8kasarl_pw_infected.zip
.zip

Password: infected
Nexus Release.rar
.rar

Password: infected
Nexus Release/ByfronHook.dll
Nexus Release/Nexus Release V1.7.exe
.exe windows:4 windows x86 arch:x86

Password: infected

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20.1MB - Virtual size: 20.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Nexus Release/assets.dll
Nexus Release/instructions.txt
Nexus Release/license.txt