Kapaloties[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Kapaloties.rar
Size

6.2MB
MD5

16479aa20884c779477cda8cadf47dbd
SHA1

074cda212c5451581416d1dcacbfa396a70fb5e0
SHA256

2ac84ba1b2a0c5bcccb9b1f709fe764866aa6ba1307b4faa2a855266c35dfe3c
SHA512

f5c5a4d397939cb05156699aed0cad9072d07b7dbe4011d80d41d8d03c4f1a335226fac12782396d8d5ced5f5c66228c932214cc91b39070571c5f6f204b2f63
SSDEEP

196608:Fb1R8E8r0YL2NbzJd1T+C1FyaIQmRVWdFZ:Nr8PYYL2NfJbT+Ska3mRVkFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Kapaloties.exe

Files

Kapaloties.rar
.rar

Password: infected
Kapaloties.exe
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.Rose
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Read Me.txt