240816-rstv3sk633_pw_infected[.]zip | Triage

Sharing

General

Target

240816-rstv3sk633_pw_infected.zip
Size

92KB
MD5

e3f2aabc5b61d7dc60915fa71eca81b3
SHA1

a591d3c06de042826c5fc607e89c1a500dd4f601
SHA256

e424e3ac235b4bdc894157a32a057aef20ed23600cbf68c205afaaf6d97eb965
SHA512

4ef7d0150a24d7b3e1ea52d3d07dacbed3fb3c70b9c96f8fef4513de328b24729ab8f26a30e8c0669ceb4f695a5fee29ab4b05d25d25d289d36160f593f2553e
SSDEEP

1536:QkfdHaUdUY8dkOT6bd/ox/GGfN8x3npM31c7whkzPvhFzLt23mQXZe6lWjaUPUO3:bdHaU4qI8d/ox+GF8x97whGvl25Ze6Hy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d601d4e08bf2fd6e275b93ed87cb05846b0d914263aeeae35bf0bb0d0f353bcc

Files

240816-rstv3sk633_pw_infected.zip
.zip

Password: infected
d601d4e08bf2fd6e275b93ed87cb05846b0d914263aeeae35bf0bb0d0f353bcc
.exe windows:4 windows x86 arch:x86

Password: infected

3995883c237641e217a4a7fc4253f742

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

mpr

WNetOpenEnumW

wininet

InternetReadFile

shell32

ShellExecuteW

Sections

.text
Size: 88KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE