file[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.zip
Size

7KB
MD5

7dae18206683e7bc5090a9b827970ea4
SHA1

161d76ddd1d53aeba15942e5e91024132c2ece57
SHA256

0c1be78484cd71eaf6b7e5549107906f45cc6946e2ff5179de6a1b9e70ef0552
SHA512

3beffcfc21d56972aa584b4bcad4cfe2340c389a7130ee5c391d86ea4e1de5743fb4f08c5a75f746b56c44413181fb64709125e38edb0f5d7afeeb1f1e7637ae
SSDEEP

192:0Be0Qblia3wwxrmm7TKH3/ULjglciS98aJBTTgRj:0Be0QMm1TKvGniS9/JBTsJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1_Rumor.exe

Files

file.zip
.zip

Password: infected
1_Rumor.exe
.exe windows x86

Password: infected

267ed6b65e015cee4d2d6947dbb7c817

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
ord300
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord306
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord534
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
ord100
_CIatan
_allmul
_CItan
_CIexp
__vbaFreeObj

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ