CELH0BGSQ2_2023-06-08_12_11_27[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CELH0BGSQ2_2023-06-08_12_11_27.zip
Size

4KB
MD5

d596e60989fb4cc7e4e26f1897c6fa07
SHA1

e3f0fab4938803c9dc6708bef96fc559b4f2335b
SHA256

d82c790c7a2d004dcedfc34abab47bffd661fadbddd7f5bff4aee3cb0d279dc2
SHA512

a96a5b5b59c78f983a61efa3ff117f4a0f4642929b67fa005014fcc905a03849965e52d2fa90adb3a84e333497db838d00e349f3596c5ee098eda23133930afa
SSDEEP

96:N/k+LN7FxW4H+MTZKLR5yeWTbzDKKJa0DLEXsjRkbS1HtP7QrqHH5r0WR:N/kWLxWyTIyekbzeCLzRyUtP8rq5r0WR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume7/main_hdd/C_OLD_HDD/Documents and Settings/All Users/Application Data/Installations/{9C05FA75-0337-4523-AA57-9D3511018887}/Installer/CommonCustomActions/UninstCCD.exe

Files

CELH0BGSQ2_2023-06-08_12_11_27.zip
.zip

Password: Infected1234
Device/HarddiskVolume7/main_hdd/C_OLD_HDD/Documents and Settings/All Users/Application Data/Installations/{9C05FA75-0337-4523-AA57-9D3511018887}/Installer/CommonCustomActions/UninstCCD.exe
.exe windows x86

Password: Infected1234

a4cddb0e81d3ac529ea817dcfad884a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

msi

ord67
ord204
ord112

user32

CharToOemA

shell32

SHGetSpecialFolderPathA

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
??3@YAXPAX@Z
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??2@YAPAXI@Z
_findfirst
sprintf
_findclose
_vsnprintf
isspace
_initterm

kernel32

GetStartupInfoA
GetModuleHandleA
DeleteFileA
CreateMutexA
GetLastError
WriteFile
GetTempPathA
SetCurrentDirectoryA
CreateFileA
OutputDebugStringA
CreateProcessA
WaitForSingleObject
CloseHandle
Sleep

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json