System Volume Information[.]zip | Triage

Resubmissions

17/10/2024, 09:35

241017-lkkpjssamg 7

17/10/2024, 09:33

241017-ljn1ksvgnj 7

17/10/2024, 09:33

241017-lh9kws1hrb 7

17/10/2024, 09:30

241017-lgwyeavfqr 7

16/10/2024, 14:07

241016-reybcaxcjk 7

Sharing

Copy URL Twitter E-mail

General

Target

System Volume Information.zip
Size

2.3MB
MD5

793bb5042d900ff4c22fea144eefeefb
SHA1

60bc7e7abe8e4a79d4058001ecf70353d9baf9e8
SHA256

d7f9382d170201b4d743843832d51b092f7dfa04efc4c0507106203c6049a1ad
SHA512

55a6f39e5bd6ad2809f8b75fc8f4973e3122f6fe48be285445a4befef5a9d295276cfde0ebd77fe0c1ee89dbb7e6363ac4ccca40c33618e667b103b07ae46a2a
SSDEEP

49152:yOboSUzVzb7ahG0id0U0rji/aoyhgESSIoTcsP3iPEUDQcoi/X:5MSCVzb7/x70rHoUpP3QEURX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/System Volume Information/SAMEDI.exe

Files

System Volume Information.zip
.zip

Password: infected
System Volume Information/IndexerVolumeGuid
System Volume Information/SAMEDI.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\M.Reza\Documents\Visual Studio 2012\Projects\vhostdchsystem32\vhostdchsystem32\obj\Debug\vhostdchsystem32.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
System Volume Information/WPSettings.dat