RAR[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RAR.rar
Size

17KB
MD5

33751716eeb33cd2da2b906d54d16c9f
SHA1

87b4c494b5d722878756ada3cf692bad88b08eae
SHA256

832b9d1f9e279baedc0a3a338e13cb77deeaf639067805baa476661568a68afd
SHA512

861a4243d4d582ea578dcebfd89d1c3eece2164b193e184c13f970b348327f1769db5b9c2804fdd50024b6fd86393bac9be5c3b84d9c0b3f81b6d6e48806da1c
SSDEEP

384:+dpQQlP1OMv1oxGMra8R4DEa08guSRjQsg/3BUmKo/GTDzp:spQedOH1af0puSRjQp3BUpoOrp

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Debug/CeleryAPI.dll
unpack001/Debug/TestDLLVirus.exe

Files

RAR.rar
.rar
Debug/CeleryAPI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\VisualApps\CeleryAPI\CeleryAPI\obj\Debug\CeleryAPI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Debug/TestDLLVirus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\buzda\Source\Repos\TestDLLVirus\TestDLLVirus\obj\Debug\TestDLLVirus.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Debug/TestDLLVirus.exe.config
Debug/TestDLLVirus.pdb

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 19KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 932B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 932B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B