PackageSync[.]exe[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PackageSync.exe.7z
Size

391KB
MD5

7076e44e1cb36b3744489a7cbfdd0cf2
SHA1

ed04ddfcac9580ed6b29f9a706ea196d2b51ed61
SHA256

c500c825bd994f9f4e137e5f038e405cc90a2c645281adda3005fb81e5129ef6
SHA512

15f3b3be39b857ae23bf15ecbda1d7b9ddfc56278cff7d7a0ee386e75f20df08cb1ece672f987109949cad4f1fe8beed9cb186409e6a9b5c30b3dd86105354f8
SSDEEP

12288:qp0ElowJ5SY4NoRanO0vsKPgL/JFVaU36:qpPoWcQy5vVPG/JG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PackageSync.exe

Files

PackageSync.exe.7z
.7z

Password: infected
PackageSync.exe
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\vb_net_repository\Catia_Installation\PackageSync\obj\Release\PackageSync.pdb

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ