Install[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Install.zip
Size

5.6MB
MD5

4603ea24aa106bb731dccaf98b403583
SHA1

dfd9207f206bd15f808244877df5cc82f897e16f
SHA256

b414d01f3754dc6fdac7ec6cecf57c967ffa8666f5db0884c4a3e8b718e2f536
SHA512

2ec3037745d066c4c8d61523d18f2d37924dd4d93e3cdced6b434e7d6b3171eb6f32f8f5fca650b6f7e1ebae00e76739cc2d7e4d914db8f227cc3f70fa313677
SSDEEP

98304:JrmAbf1Hsbn5uFaiZQnu8HZz6OGhQOlysEmnTjNRqD26imhTDT+43JA7tEvlx4f6:JJ1H05OaeQuFyLUKD263+IWtE9xMrA5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Install.exe

Files

Install.zip
.zip

Password: 1234
Install.exe
.exe windows x86

Password: 1234

71dac11c80b80d1f1b6b3c60718d874a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.MPRESS1
Size: 4.8MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE