240812-hyjsmaq76x_pw_infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240812-hyjsmaq76x_pw_infected.zip
Size

186KB
MD5

2e40785dcc44f822c027f1e6ff4d240f
SHA1

0c64f03d65831b9099a765338dc6f93b8e0d8188
SHA256

c07ad728de4303c2d066cec4d34f594073ceddd1b28c1d078644333aa3791eef
SHA512

893b5d0da83fe5a393841523d7897b9570d9db4465096e821a052903a744f0c94a38513bb356e557b0a33d68b35addc03dd386fc4c8e271d94e6ead85bc84c70
SSDEEP

3072:1LVmuNExeNSlhut9QMVk6a1pYTptL85z8hWJqEe0469ataHYv8u1LtDnQTO+:19NghuAA1CYjINYWJ40dUl1nQi+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Activator.exe

Files

240812-hyjsmaq76x_pw_infected.zip
.zip

Password: infected
Activator.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Coool\Desktop\WindowsFormsApp1\WindowsFormsApp1\obj\Debug\WindowsFormsApp1.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ