11528067492[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

11528067492.zip
Size

12.9MB
MD5

877c3338dd82b6762ea8cb6b6e2e64e9
SHA1

6b95a3da9c371d448356bf97eec979c70e8d83b4
SHA256

8a20b5d05e26057121e8b11bf59ab7d2021665b15d0d6666e538c24c491d8c40
SHA512

46824acddea2f78582e52103c054b58755f48e89040013a70635a897ac9ebfb98ed31ae0223ad3b3c385d0b0ba90effb090b7a0ae82df7c9ae3c0ad4fb2df3ef
SSDEEP

393216:25+sB6xhn3xEo1Nw0kAFReNPVoKb0dTfP2QvS:xs0M8mAyNd4nlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7b636314a425c887a023e28ed1418f1773e2dd4514809c3fac645d5963c3dc64

Files

11528067492.zip
.zip

Password: infected
7b636314a425c887a023e28ed1418f1773e2dd4514809c3fac645d5963c3dc64
.exe windows x86

3404695bde5d05b77dd3fddc289fb9b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_ntoa

crypt32

CertFreeCertificateChain

wldap32

ord217

normaliz

IdnToAscii

kernel32

LCMapStringW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA

advapi32

GetCurrentHwProfileA

wininet

InternetCloseHandle

bcrypt

BCryptGenRandom

Sections

.text
Size: - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gloss0
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gloss1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gloss2
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3404695bde5d05b77dd3fddc289fb9b0

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

wldap32

normaliz

kernel32

user32

advapi32

wininet

bcrypt

Sections

.text Size: - Virtual size: 612KB

.rdata Size: - Virtual size: 125KB

.data Size: - Virtual size: 9KB

.gloss0 Size: - Virtual size: 7.5MB

.gloss1 Size: 2KB - Virtual size: 1KB

.gloss2 Size: 13.1MB - Virtual size: 13.1MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 612KB

.rdata
Size: - Virtual size: 125KB

.data
Size: - Virtual size: 9KB

.gloss0
Size: - Virtual size: 7.5MB

.gloss1
Size: 2KB - Virtual size: 1KB

.gloss2
Size: 13.1MB - Virtual size: 13.1MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B