urelas | 4944bac4fda18a26cfdca198ff0da1df[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4944bac4fda18a26cfdca198ff0da1df.zip
Size

55KB
MD5

ff3737eec67cebe86d1222a02cd79269
SHA1

c503ad6a45e7402f6ff9df1489a546d8be36e157
SHA256

6e9e69ecde4829b623102d9819ff3b5df8629b61e33a2a4a47758c2d7ccf37be
SHA512

347bec243427e0ec859872ddb7c87ea554b958e1a1bc0f49d6139b8f56767bcb445befec18f3e293bb746fc3e3fa25fff70214f5df706dc2a6d72f24cb1b88de
SSDEEP

1536:zhCpxGkOpiHH7UfV+sP3yMlQSlP8T6iO1J13S7:zIGk3HSVriMq4PdX1i7

Score

10^/10

urelas

Malware Config

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/94c77b5653e350314c324c0974bd076f0d12466854d39a9261dfac5f2654413a

Files

4944bac4fda18a26cfdca198ff0da1df.zip
.zip

Password: infected
94c77b5653e350314c324c0974bd076f0d12466854d39a9261dfac5f2654413a
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

OPSDGWFD
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE