11650309694[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11650309694.zip
Size

311KB
MD5

2ff7aaf5dd4d19391aed4ccb8e0f25a7
SHA1

7f77abec207fe3222160d5463641a4044aa99d5d
SHA256

7db6d62d4cdeed5169a752136e6799bb7b7e43ddfef76488c58381a5b9526862
SHA512

c54a1091ec7cf12ae7ecf5b14bc18f5d3ca1c3ad208e41ff0e5cf54e61aaa44c06f1275c10751d1fc1a989a9fe659c93b18f55816c91c2e17f01c481e50308ad
SSDEEP

6144:DG4+jXCD09p+CIRa37YiMEp8AuTRt60BubGdn7zpQaoKCKwhng5O6nL3w:qXXCQTOarYiMm8fdtBSGd7zpQaoKCH24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0be4ef602d0cf99bcda0b4011b0f83283ab0a9a4ac4d75bdbcb7c83bf464e66d

Files

11650309694.zip
.zip

Password: infected
0be4ef602d0cf99bcda0b4011b0f83283ab0a9a4ac4d75bdbcb7c83bf464e66d
.dll windows x86

Password: infected

e42fab3fd7f83aea3aea34a6aa7b84e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

powrprof

ReadPwrScheme

ws2_32

select

winspool.drv

DeletePrinter

clusapi

GetClusterFromResource

user32

GetSysColor
DeleteMenu

gdi32

LineDDA
GetTextFaceW
GetTextExtentPointW

kernel32

GetBinaryTypeA
GetPrivateProfileSectionW
GetModuleHandleW
WaitForSingleObjectEx
CloseHandle
GetCommMask
GetTickCount
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleFileNameA

msvcrt

fputs
memset

advapi32

IsTextUnicode
FindFirstFreeAce

wininet

FindFirstUrlCacheEntryExA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ