Keygen[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Keygen.zip
Size

2.0MB
MD5

9bab6b615c50c4cb7efd65dcbbc782f8
SHA1

9f6d626ed7a9909d65bce8208230cfdb210e78ad
SHA256

c68570a69cc5ba271e47cc5590f723f820c8f8dd565cea5d8d76dcf6399179d3
SHA512

7283fb133bdab2f0b5c7031a1fb19511e31d46b3c03c45e217fcc291b4b993c98bc78b3ac0770d0ed4bbca8cdbb8761611faef3b07d6f92870d826dd64584bd9
SSDEEP

49152:daq96jS8K3s5NSHNo5+mNxhadWjSv5Rs9r4nhOetJFjZmcwX/dbql:dAtH5NunCxU1+N+hNJFjw1Gl

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Keygen/Jasi2169 NFO Viewer.exe
unpack001/Keygen/Keygen.exe

Files

Keygen.zip
.zip

Password: 123
Keygen/Jasi2169 NFO Viewer.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Jassie\Documents\Visual Studio 2022\Projects\Jasi2169 NFO Viewer\Jasi2169 NFO Viewer\bin\Release\CryptoObfuscator_Output\Jasi2169 NFO Viewer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Keygen/Keygen.exe
.exe windows:6 windows x86 arch:x86

Password: 123

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@$xp$6TForm1
@@Jasi@Finalize
@@Jasi@Initialize
TMethodImplementationIntercept
_Form1
___CPPdebugHook
___setRaiseListFuncAddr
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 967KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 31KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 602KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 338KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 133KB - Virtual size: 133KB

.reloc Size: 512B - Virtual size: 12B

.rsrc Size: 21KB - Virtual size: 21KB

Password: 123

Headers

File Characteristics

Exports

Exports

Sections

Size: 967KB - Virtual size: 3.2MB

Size: 31KB - Virtual size: 312KB

Size: 1024B - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: 13KB - Virtual size: 16KB

Size: 1KB - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

.rsrc Size: 602KB - Virtual size: 988KB

Size: - Virtual size: 260KB

.pdata Size: 338KB - Virtual size: 340KB

.adata Size: - Virtual size: 4KB

.text
Size: 133KB - Virtual size: 133KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 602KB - Virtual size: 988KB

.pdata
Size: 338KB - Virtual size: 340KB

.adata
Size: - Virtual size: 4KB