KG_WIN[.]ZIP | Triage

Sharing

Copy URL Twitter E-mail

General

Target

KG_WIN.ZIP
Size

272KB
MD5

0b214a9d1831ec23c88c19628de28398
SHA1

0306df969d944258240590854d5babc3c9955516
SHA256

b597eb53f62e70ccd37092d27c12d6ab957868a2531da4250fa2af2097c37151
SHA512

a21e4eda3ce0a5c58fa02e4a85f9400ff66149ff357387c47c78aac988b62e8082399e46354972e5150be7e381f0a3030d0f5c9bb7189cc5c2bb93a3d599c438
SSDEEP

6144:EBJNYE6YMb91gB7+2soyMBxyikd2NOWlQl1pGKZzIB9ymRoVi4DRy8xS:EBJNx6YMbXgB7+FKkikANO1l6KZzIqE7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kg.exe

Files

KG_WIN.ZIP
.zip
kg.exe
.exe windows x86

009fe6767545ae516440d8eb5e027c7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

pow

ole32

RevokeDragDrop

gdiplus

GdipFree

user32

GetDC

gdi32

BitBlt

comctl32

ImageList_Add

Sections

.MPRESS1
Size: 224KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE