urelas | df207e2d6fa8c83656632f0652b1ac3e[.]zip | Triage

Sharing

General

Target

df207e2d6fa8c83656632f0652b1ac3e.zip
Size

55KB
MD5

5bf6119e97569b63be3809e23938e6ab
SHA1

957bdd17a2ddde09119fe1ae70100a13f04003a3
SHA256

42cc5f742e9778fe76ac83ee925051bcb779e3e3c730c64168068e5336f83af9
SHA512

510572482fdbfd31c46f658f232ea68096fba0af36dce0e2df587f34bcd712bef5249409111e17e0eddc673c94dd9a2cade039c6358e7f3840bd3e5c502e0fed
SSDEEP

1536:/0RnnpviJDPbipHaO1/8pgVbXK0d3A83L:/0dpmbipHaYkpmQUL

Score

10^/10

urelas

Malware Config

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/10b5ff9b81639324658dde456ad3ae8b495472b09e3a249a09caa2432152618f

Files

df207e2d6fa8c83656632f0652b1ac3e.zip
.zip

Password: infected
10b5ff9b81639324658dde456ad3ae8b495472b09e3a249a09caa2432152618f
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

OPSDGWFD
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE