Van[.]7z | Triage

Resubmissions

03-09-2024 09:31

240903-lharkatamj 7

03-09-2024 09:22

240903-lbyj2stgpf 7

Sharing

General

Target

Van.7z
Size

2.5MB
MD5

8337ba25c923309f2ae7431e0afe1cba
SHA1

c2d8f6e742c4274a4bbc5fb641ee29483da49a50
SHA256

15fa86cb0fc2faac28d529529ba9e1688f43a87ca6c43e411e247eeafa6959ee
SHA512

ff91c9b9617dc58902293b18eba20e2426cf415acbd5b12d068a640a54d12d61e184a034a09f01f87a746800793d5c58ebb25297ecea3cde25cf6c52e1bdc19c
SSDEEP

49152:OWq9nz0jf4sTzy8bxx+5apMgLhsa2sxn83uJwhNSJn2iVjD1Z9yHCflVaWjUh:OWq6zX/y8y8pMasa2t32whM7ByHCtVjE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VANGUARD BYPASS.exe

Files

Van.7z
.7z
VANGUARD BYPASS.exe
.exe windows:6 windows x64 arch:x64

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Sections

Size: 325KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bhqgvnff
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gkokrkao
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
slayts.1337
test.txt