Static task
- static1
Behavioral task
- behavioral1
  Sample: zipAdd.exe
  Resource: win7-20230712-en
Behavioral task
- behavioral2
  Sample: zipAdd.exe
  Resource: win10v2004-20230703-en
General
- Target: zipAdd.exe
- Size: 996KB
- MD5: 5d1266acea66eaa79b9946c630390f3d
- SHA1: 39ba02e4e106cc57ee49c5e74cb22a786e24af58
- SHA256: 48b3b3297b25eb88bd65dce825ccd37a6f710999180828bd0982aabf0d086055
- SHA512: 3a45d01edcaab6d5e1f8099b63c90e0507a2575a4ac0c23cce84b4d217844ff7140f730caa3c2358413c7cad69856a40f180d70f6ddfb46d9ed4c427839ea3ff
- SSDEEP: 24576:cml5vYzdiy6Xiu+bTy/YzdEinl3EU9G54r+ysxqvPJkY2uktbHRU:cmkKXr+b+/YzdEinl3EU9G54r+yzPO
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: zipAdd.exe
Files
- zipAdd.exe (.exe, windows x64)
  ca75fc9957891b0f124c4b7d827f0d8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
AcquireSRWLockExclusive
AddVectoredExceptionHandler
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FormatMessageW
GetCommandLineW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentThreadId
GetFileInformationByHandleEx
GetFileSizeEx
GetFullPathNameW
GetLastError
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
Module32First
Module32Next
MultiByteToWideChar
ReadFile
ReleaseSRWLockExclusive
RemoveVectoredExceptionHandler
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleTextAttribute
SetFilePointerEx
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WriteFile
__C_specific_handler
msvcrt
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_cexit
_chmod
_chsize
_commode
_errno
_filelengthi64
_fileno
_fmode
_initterm
_localtime64
_mkdir
_mktime64
_msize
_onexit
_stat64
_time64
_utime
_wfopen
_wfreopen
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fread
free
fsetpos
fwrite
malloc
realloc
remove
signal
strcmp
strcpy
strlen
strncmp
strncpy
vfprintf
ntdll
NtClose
NtCreateFile
NtLockFile
RtlEqualUnicodeString
RtlWaitOnAddress
Sections
.text Size: 710KB - Virtual size: 710KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 263KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.buildid Size: 512B - Virtual size: 133B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 624B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ