1337 CHEATS[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1337 CHEATS.rar
Size

4.3MB
MD5

586865fc15ac6ba21c9c0df35b1dbb4d
SHA1

5199228af443a79d9619055b9f53bd97702912f9
SHA256

f4b76f8efdc1775f7a701f5883fb27bfff3f9bf81cfc7d0dd6e42de551fe87f0
SHA512

0566f41d0f2cfe367ecbbca8c43a526ecd09e4f39596f16255fb21e5fec7ef167c4471b39f648093025a9c6f69f933abeb32dc34ec7ab7e0a9a937b9bb034c0d
SSDEEP

98304:1Szs5OQ3/F/18VfZUH9BgQUGTRgOEqIEFrgxs40G5MxlD9e2/WxbvW91:1SS3/t1SwUGTRiS8CG5YlDQ2/Wxbvq1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iseone.exe

Files

1337 CHEATS.rar
.rar
iseone.exe
.exe windows:4 windows x64 arch:x64

9bfd2dac39af50555ae9789117b36b66

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

strlen
malloc
memcpy
__argc
__argv
_environ
_XcptFilter
memset
__set_app_type
_controlfp
__getmainargs
exit

kernel32

Sleep
GetCurrentProcessId
OpenProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ