Dota2 (okmuhb2706)[.]7z | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dota2 (okmuhb2706).7z
Size

13.9MB
MD5

f80d9e4d21ccdf84f67f7e73ef38540b
SHA1

530251752261df13bcf0912047f34199b918dfce
SHA256

62ffacfb338523bfab7165b0ff780693ff45a741fa12a27d6182b1837ce1e240
SHA512

f36c3a77386a6fb9c781a135c6bbeffeff20641fa23d20333d3603a5aa3d9ae6110ab99dab59ec8bddf32c69c014dfd8315b8c83f212519907db4709ff704252
SSDEEP

393216:zg0Zt9W7whg5/1a8/1Ie9QBipHXNva9FrxlJqV/wYQjpvCSQtoxJ:lZwwhgh1dI5WHXNva9FrxlJYpQFqjta

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack001/Dota2/Installer.exe	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dota2/Installer.exe

Files

Dota2 (okmuhb2706).7z
.7z

Password: okmuhb2706
Dota2/Installer.exe
.exe windows:4 windows x86 arch:x86

Password: okmuhb2706

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ratteleg.pyc
.ps1
Dota2/Открыли архив, прочитайте!.txt