Persi0[.]zip | Triage

Resubmissions

25/07/2024, 11:39

240725-nsfrnswhkq 3

25/07/2024, 11:32

240725-nnmpeswfmn 6

Sharing

Copy URL Twitter E-mail

General

Target

Persi0.zip
Size

12.1MB
MD5

7a752df59f3bb6d8fa5d9d133b2e4f85
SHA1

8c85cda149f4f030bb3a2fc2e581514cd7f2f68e
SHA256

9a3b30aad2d188d863eaba7ea10cbfb4d88d13f6fc05dafe952c216d7274f900
SHA512

de883a9badf001d8047d0af7532d2223781fa17f9ec76fb8b483726995483633564a884270c0c175c9776fce3d0eb5f38b12266130ce4d2c33b0546288b8480f
SSDEEP

393216:KVNn7PKY7nhotsw8DUS+YH1BxmqRqXzceu:ON7Pp7hots3UStVO1nu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Patch.exe

Files

Persi0.zip
.zip
Patch.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Persi0.sys