Mail Ripper[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Mail Ripper.zip
Size

9.2MB
MD5

d31faf9156cb6e26979f6a2619d3af7a
SHA1

e2b44c1de5efeee5530b07fd387d530491d89113
SHA256

4ec197abd2dfba3b132bec8254487ca665cd36b951051d4a5c45918ef3677037
SHA512

6b163aefc800729ea8d85963a61e02119787f1d16fc08e4186cfef2124de4e1abd4e0079cf81a38d1dfb830bdba099985e33a6f98c221e40834f6f4e9f882891
SSDEEP

196608:aSu/JdSPUOHgOyYeRHxQ/cSBSaKzC6Ii0HLVstD92O5JZxkZwMwwAUF6:a0DyYexxqcqKzv6LVstIYIQ

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack001/Mail Ripper/Mail Ripper.exe	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Mail Ripper/Mail Ripper.exe

Files

Mail Ripper.zip
.zip

Password: 1
Mail Ripper/Mail Ripper.exe
.exe windows:4 windows x86 arch:x86

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\PC\Desktop\exe\Mail Ripper_new\obj\Release\Mail Ripper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
q.pyc
Mail Ripper/Settings.json
Password.txt