10454196587[.]zip | Triage

Sharing

General

Target

10454196587.zip
Size

459KB
MD5

337e719fe5058f70871d0a0d4533a63a
SHA1

32a0a254c73e0684c52dd66837d1a1404c22f63e
SHA256

aabd82241b39feab3c47bb37d0baf34ecdb5c911dd99fba8abf33d63d370ab60
SHA512

e76c6cdf6e8973649c1948f3b62fd876c3471189a9eae95c247426d41a470662e1aa67fb7c8ce01b070ffefc494129e3aa1a781e2a08935b518fc498013e0ae0
SSDEEP

12288:3MoFp2Srk8wMLCpsts/Esbgvivp4hoEVkDlsbZ4KJ:3dz2SfwVuts/1gvQp4xVkDO4KJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fac48de0a349391a521c039cc707b7963eb9b13815e4392b9ac1519806af63e5

Files

10454196587.zip
.zip

Password: infected
fac48de0a349391a521c039cc707b7963eb9b13815e4392b9ac1519806af63e5
.dll windows x64

9c3b61a739263ae6772214cd37a51ab7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateProcessW
CreateThread
ExitProcess
FreeLibrary
FreeLibraryAndExitThread
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
Sleep
lstrlenA

Sections

.text
Size: 833KB - Virtual size: 833KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ