BHYZIOPNB[.]zip | Triage

Sharing

General

Target

BHYZIOPNB.zip
Size

673KB
MD5

e7c62ade7f86f5a3558c53cb7ec9a2e4
SHA1

09332a9bd1b0b99e7708fd9b8f2df847f91c15aa
SHA256

6dfa80efaa115613c488b77eb4c28f7ebb4bf93c6f1c52d4485e4407cbac726a
SHA512

a1017ecead82a18a3fd10deee9a66b9988a42ef768554f5f00a6fb08b2fb81012a45493bd3fdbfc158d416c62b4602d8aea4e2ccde077a93607e13bfd7f38308
SSDEEP

12288:bhnZR5vvsslRR0bQHIqEiEMeHUM+5CiIfFkwZKo/e52NgZ3bKhruChH8F79lTs:bJfTDR0soql2HUMrZSwZbqZ3b4Glg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BHYZIOPNB.exe

Files

BHYZIOPNB.zip
.zip

Password: malware
BHYZIOPNB.exe
.exe windows:4 windows x64 arch:x64

Password: malware

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

BHYUIOPNB.pdb

Sections

.text
Size: 683KB - Virtual size: 683KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ