11606333877[.]zip | Triage

Sharing

General

Target

11606333877.zip
Size

318KB
MD5

a3044047bcd338a7e16a05b0900c2826
SHA1

2609bcd0912809d1dfa43066b6bcde08fcf1d7ab
SHA256

c37b38c013fe3e845e9bee5697e21d5cc3a43d156d31a09dd9e6e537a7de1cf4
SHA512

dc7c05ffd3b3c50fb0901804742ac39c4ff76e93a74659df8f40a7ffa148cb0e72df6d029cf4759e44ab70501ad31eb195f0c736155133981112ba0f096006c8
SSDEEP

6144:khRBgaEH58WX6PPtV3yd9cu5xGLXteCbiUqKFw+YrR0JpCYfvS0/:kh9Y51X6PPb/GGrteCbi9KPYrbY3S0/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d3d24cfc0f5d15b4f6160e539f45a7786fce3be249d56811e9b7f0368967e396

Files

11606333877.zip
.zip

Password: infected
d3d24cfc0f5d15b4f6160e539f45a7786fce3be249d56811e9b7f0368967e396
.dll regsvr32 windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllRegisterServer

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pht
Size: 553KB - Virtual size: 553KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ