ChilledWindows[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ChilledWindows.zip
Size

4.2MB
MD5

5806c691583167135665b6aac348d3b8
SHA1

34d14feafac0946097fbbc03e3be2b235392587d
SHA256

00cf66b0bab94b1ae74d534160a801315df8a7efea764cda906af49f99be54e9
SHA512

dbcda2362ba5aaba904087a512e3423e2356f0e824e4bd4de99f277316afb32e03d6f8ea109d4d046ba9f14fc32f21a5d80cceb982fbce529c6f15abd7c6fa7c
SSDEEP

98304:3bq/G8MV1K6vGSwHDtffGcwhg6C8Ec52kaT5VLUcurUYmCyk5zu:3e/GP1TvGSwj1LwhgdckX/0rnmCy4u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[email protected]

Files

ChilledWindows.zip
.zip

Password: mysubsarethebest
[email protected]
.exe windows:4 windows x86 arch:x86

Password: mysubsarethebest

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\gamel\documents\visual studio 2015\Projects\ChilledWindowsWPF\ChilledWindows\obj\Release\ChilledWindows.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ