病毒样本[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

病毒样本.zip
Size

703KB
MD5

7e77c8bb143015c0bc4bb5665e5fda15
SHA1

dd7d494b71fff34310aa46c2db72343beecc5aa0
SHA256

b2d11242f10e92ed94f3609ba6432175ad62a802b6e578dd09aae92ddc4fb1f7
SHA512

abe0c641fa22f93708381b872df3fc07c5f91610cb96a96588474a61886dbe35c30645fc630c6a05f6a99a9807bd224f81c627e3ab5eac9e2c04508c530380f4
SSDEEP

12288:3sAIBWCa2VcYxbtkA/28e4Hz9LrDBAQownpE74aV7SulJ90l7tvnt9b:3sAIAiVc7cfec9Lrpf07op7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1.exe

Files

病毒样本.zip
.zip

Password: infected
1.exe
.exe windows x86

Password: infected

88381b84da56810b869e897e6d45bd58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

EnumChildWindows

Sections

.text
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bxpck
Size: 219KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.main
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE