F_[.]7z | Triage

Resubmissions

23/08/2024, 07:53

240823-jre2jasenh 8

23/08/2024, 03:25

240823-dy1nxsshkd 8

Sharing

Copy URL Twitter E-mail

General

Target

F_.7z
Size

73.7MB
MD5

2e95c15b4426c8e0ebb75ef461c1ec81
SHA1

f47e6e06f862f1f03bd457924388e7150c7cc8b3
SHA256

0112060f1abf70deeb7ade26a4a5147b3eae3ea2972bc19cc5f882bf05109519
SHA512

5138ab6d8bc67dfa9a0957588ed200ce04ea211a34982ce7ec90a716643bb2c8f4cd4a65f29274708137b335d84dc87d176ad994767dd4cb245b2074cda063d3
SSDEEP

1572864:dlMwqYc1X4ftWo9BvD7UIEpXWMagRSl1MAG1ah3HqqLOwRAsIF:dlPTkofMo9V7+pxahlOA93TOUkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/F/rootdir/x249569.dat

Files

F_.7z
.7z

Password: infected
F/USB Drive.lnk
.lnk
F/rootdir/rootcomp.dat
F/rootdir/x249569.dat
.dll windows:6 windows x64 arch:x64

Password: infected

39cb0baf02306a6dffa5a91a7623c5c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
HeapAlloc
HeapSize
HeapValidate
GetSystemInfo
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapReAlloc
HeapQueryInformation
GetProcessHeap
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
VirtualProtect
LCMapStringW
GetStdHandle
GetFileType
WriteFile
OutputDebugStringW
WriteConsoleW
GetStringTypeW
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW

Sections

.text
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78.1MB - Virtual size: 78.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fptable
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
F/rootdir/x447823.vbs
.vbs
F/rootdir/x447823.zip
.zip

Password: infected
x447823.vbs
.vbs
F/rootdir/x615759.bat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

39cb0baf02306a6dffa5a91a7623c5c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 256KB - Virtual size: 255KB

.rdata Size: 78.1MB - Virtual size: 78.1MB

.data Size: 13.1MB - Virtual size: 13.1MB

.pdata Size: 13KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 348B

.fptable Size: 512B - Virtual size: 256B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

.text
Size: 256KB - Virtual size: 255KB

.rdata
Size: 78.1MB - Virtual size: 78.1MB

.data
Size: 13.1MB - Virtual size: 13.1MB

.pdata
Size: 13KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 348B

.fptable
Size: 512B - Virtual size: 256B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB