WH289_2024-09-03_14_46_11[.]273[.]zip | Triage

Sharing

General

Target

WH289_2024-09-03_14_46_11.273.zip
Size

5KB
MD5

9cb197def711c35dd0fe87233f3d15cd
SHA1

df0adf03f3de7228097cb9d639aae43899e10218
SHA256

b88008fd8a445fa650f6b6501c6f04679937b1b018dd5ae1e0d78fc89214a218
SHA512

8fdea8ae43e506b3a0ae4b30ce8fb47444e2cd638e4d6ffe625154692dd9871da9116d7db40b1859b225df0956a86b2ef59d102a24b60ffad7eb0b2eba0bdf64
SSDEEP

96:NkFD4D7G8UtCHP0wGDZ7fYc3i69zowjXN1fK1F02gd8w+ga459EKQoHr7UvqYutr:N+DQ71UtCHPWZTk6R7OdgmgaBKdHr4v6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/Users/RCUser/Desktop/Nickyd.exe

Files

WH289_2024-09-03_14_46_11.273.zip
.zip

Password: CautionHandleWithC@re
Device/HarddiskVolume3/Users/RCUser/Desktop/Nickyd.exe
.exe windows:4 windows x86 arch:x86

Password: CautionHandleWithC@re

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\lkdev\Desktop\Nicky\Nicky\Nickyd\obj\Release\Nickyd.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json