shepherd[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

shepherd.zip
Size

25.2MB
MD5

6a4ed4ad3656d14c58a72eb8237d80db
SHA1

1322772b494cfe208693eac5189814455d5cdeb0
SHA256

232dc8fd15b36de6792b8f23c63449f9885444b0ed50e93c5895c87da8d73b15
SHA512

5970713f7c1e8d9e30c3f3bb8083d4a3ab13f4dbb81a564a018f1dafb13535986264308d2c17f359ab1786297b57f36922c5cf5f73e2033a5e999bf4c53b3097
SSDEEP

393216:P1Lxmj5RchBwr5+IwLmh/dFHC/Qn5mqOwES6bQfwE6MSfmKs+CjRaH0lQXcy5S0:tls46Q7mFdFaSoSw6rPNjXQs4T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/shepherd.exe

Files

shepherd.zip
.zip
shepherd.exe
.exe windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 852KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.enigma1
Size: 55.5MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE