Setup (infected)[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup (infected).zip
Size

14.1MB
MD5

4ce6bb7daa122788b98ae7f97837cb0f
SHA1

b376bf429bf7e13e906d1356cc91a6385ed1d076
SHA256

bc1d320734c1b11102703aca955d65ef0ad4a8a04375dade44591b6a497817d2
SHA512

4ea451fefebf3450a2774e57ac43b1046754fb556c25fe3912d6274a9512650179d0898a08d9bedd4bf655beb655a559be43cd9d3fbcfc65a63086d816537096
SSDEEP

393216:KBBaTrPYQmgsmaNf4yeOXE0c4uNrmbH9Svg7txz:KbwPVT4eOXEU3Uvcxz

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack001/Installer.exe	pyinstaller

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Installer.exe

Files

Setup (infected).zip
.zip

Password: infected
Installer.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ratteleg.pyc
.ps1