Static task
static1
Behavioral task
behavioral1
Sample
WinZip180.exe
Resource
win10v2004-20230703-en
General
Target
WinZip180.exe.7z
Size
349KB
MD5
2efd4fa222cd2b7c7a598df44ea8a87d
SHA1
ad10aa63ad15801d4289ca681322d0a344d436ef
SHA256
8b0f3c4de4c3a3ae8466debf2ceca2a342fd12c2d024164fc4106ad196517eac
SHA512
ebca9acf1236cc081cb51870bc4e770d129e612d199a2a6094f2c6955e8338a3474efc1606b95c0572628d86689b23467c908de1785f9aa94f57780fb293e063
SSDEEP
6144:4VJ5BBbZ+LNMW2fhvcJ8o0bEhbcsI7XO1ljw/DnnlBp0fBvEFvY8X4oL/YZIdpb:4VrbivU0J8o04h4N7XOLWEUg8X9wedpb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/WinZip180.exe
Files
WinZip180.exe.7z.7z
Password: infected
WinZip180.exe.exe windows x86
77ab2c0fc3bfd997edb868c3fc4a8aa4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExitProcess
GetCommandLineW
GetTempFileNameW
FindResourceW
FreeLibrary
LoadResource
HeapAlloc
HeapFree
GetModuleHandleW
GetProcessHeap
WriteFile
LoadLibraryW
SizeofResource
FormatMessageW
GetModuleFileNameW
CreateFileW
GetProcAddress
GlobalFree
LockResource
CloseHandle
DeleteFileW
shell32
CommandLineToArgvW
DoEnvironmentSubstW
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 786B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 304B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 394KB - Virtual size: 393KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ