g[.]rar | Triage

Sharing

General

Target

g.rar
Size

229KB
MD5

478414f347baf851f794d8d55fbfa973
SHA1

66ce3d78cd80ad2ae5e4eb695a78dbc30c8499d9
SHA256

827944a023e7bfc83a2a7c226f19bd8c63c298e1403cf5cadecd44339e02418b
SHA512

1196373f58fa253d21d9af2e03880286ee22a92f7c0a23c7640045ec03dd20c5c664fb46a475f38e5407b605e76043e4c3fcd2bd7e76f7535d41f7111810753c
SSDEEP

6144:SlLn6aGZ0ahJxfxO5lqHChx1eptCecCie:SlLnFW7xfxOwChx8tCedT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f/BootstrapperV1.23.exe

Files

g.rar
.rar

Password: 1
f/BootstrapperV1.23.exe
.exe windows:4 windows x64 arch:x64

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 797KB - Virtual size: 797KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f/DISCORD