rulethilesi[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

rulethilesi.rar
Size

79KB
MD5

bf6357e1931545eaeb311238ff1098f2
SHA1

bd5750d771756842ac3b7409f4a5deabd5b0f7d6
SHA256

c2711aa94b0e878a556075837a916d34fce32762fe02509ee1eb90de899e4850
SHA512

35bc423122bc84eaadf637becad4cfadbe58bd65a83665c5b8d1df7729da4f451322d05a6d184d05ec80617927530dbdae6bff00a5b7f13d487cd6a239909910
SSDEEP

1536:y0G+1xLpiS83/JYJs4MevcVNtipK76GktIVp6cYKn1vDGN4ECy:b1xLpiS83/J4s49vcXDOXyppYlN49y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vip-özel-parahilesi/hilecim-yenipara.exe

Files

rulethilesi.rar
.rar
vip-özel-parahilesi/Teleport Locations/Custom_Locations.txt
vip-özel-parahilesi/Vehicle Handling/Handling_Tuned BR8.txt
vip-özel-parahilesi/Weapon Data/Water Gun.txt
vip-özel-parahilesi/hilecim-yenipara.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Lil_N\source\repos\WealthBoosterOverlay\WealthBoosterOverlay\obj\x64\Release\WealthBoosterOverlay.pdb

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ