Lean+Woofer[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Lean+Woofer.zip
Size

53KB
MD5

962bc3357176bd3916024811201508f7
SHA1

1bb62c421a08743c50317a333116f25ced3fb460
SHA256

b45dcb9d83edbb96b78ceecea7ef60412b5726cbc7ca229e7b6d35266d400e97
SHA512

c69681472ac7ff7eacfaede7c79e266313a89fc7dcad641193d0b8f0cb6d0387f9ced2a493f6e7f636dd0c8c518a1d81f0308e627d08efe81e89abe218f1ca97
SSDEEP

1536:SNh5l/p3ya/d3pWeDsT9C5vcbeswU6GiAn:SH5xZ7/d3pWqsY5vcbxLrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cracked Loader.exe

Files

Lean+Woofer.zip
.zip
Cracked Loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Remove_Trace__Clean (1).bat
.bat .vbs
driverLoader.bat