urelas | 2507b188b4ca26540602e77b38cda045[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2507b188b4ca26540602e77b38cda045.zip
Size

333KB
MD5

e7eaf3caad0cf3e6ff32ac188ea85714
SHA1

637dc9c78f626d48d484be0e07bc25c713d0cdfb
SHA256

a4db76c8dedb91a1a6f6bde86384f2bca2e93e97b5c72586c96c4a75e2eb0357
SHA512

49636d03f145a50d383abd478d2de1ee52eefd53e03c444ca15a1654e74050ac2cc36e0b60fc07a423d22010882333f4a8633842288350d919b71682caef5610
SSDEEP

6144:uFhYUAoobd281d1lCk6JG+6VvVzHF8aQzbG1dV1iWwetV0oLyg+tS:RPnb801lCk6Y+a0bekEV0oLyg+tS

Score

10^/10

urelas

Malware Config

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ac3aec23fc611d99eefaf24659c5b4955f2199b0e831bfaf70d9758bb0f80f92

Files

2507b188b4ca26540602e77b38cda045.zip
.zip

Password: infected
ac3aec23fc611d99eefaf24659c5b4955f2199b0e831bfaf70d9758bb0f80f92
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ