General

  • Target

    PEDIDO161224.rar

  • Size

    1.0MB

  • MD5

    5512e6253667a66d7300cac2b8f51b7f

  • SHA1

    da9659a0350a4d575184c62b47bcfb6618aa4a8d

  • SHA256

    e71a63d388fdcf8ad7fa5b03592fa116469a8a9f1bdcbbcb7aa459665905ff8a

  • SHA512

    fbbc25e11b540de4dd76d6d73863d75bda05f9f32dbb04a8cf101ed480635f066a8fa9812ec8af06d5cdc52d6d211837e136db1c5a0657b092fed364c9f4b9d5

  • SSDEEP

    24576:YaTMjZaerEV0kqXJ+ny3Nyq5loFJKiTlyvytMEGF3Yy:YfjZaGEQJuSyElIJr1G9X

Score
3/10

Malware Config

Signatures

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • PEDIDO161224.rar
    .rar

    Password: t4st

  • Untangibility90.exe
    .exe windows:4 windows x86 arch:x86

    Password: t4st

    56a78d55f3f7af51443e58e0ce2fb5f6



  • $PLUGINSDIR/nsExec.dll
    .dll windows:4 windows x86 arch:x86

    Password: t4st

    c1c7505e1e6e929ebb6b9100e55b050a



  • Guittonian/Kostbare.tes
  • Guittonian/Phylogenetically.del
  • Guittonian/backwashed.car
  • Guittonian/indholdsfortegnelsen.mic
  • Guittonian/overcutter.txt
  • Guittonian/tommelskruerne.afs
  • Khazaddum.Pre224
  • Suberised111.Med