400000-InstallUtil-AWK[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

400000-InstallUtil-AWK.zip
Size

75KB
MD5

7d9565798d7d7c90717ef578c6856892
SHA1

94de46d51c2349980dc17ccc369c4d9b4b8eafb3
SHA256

47acc32f440ca16005c15297b011458a1e342cecc88286506c23d6f9f8f4fdb8
SHA512

6710f1604f0ba2ec4394e39845affcac96eab83460dcb8d14a6c46f8b7521342e85712ad2de8941e317970d020e696caac53bf98390a4aac9278835603f80abc
SSDEEP

1536:YX89Vxp/yTlP25uu6NPHZEvBoCwFRbl6srykvFArZM5qY7PU5BO:1xlyJP2kJnPCybzvSK4sPU5BO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/400000.InstallUtil.exe

Files

400000-InstallUtil-AWK.zip
.zip

Password: infected
400000.InstallUtil.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ