11605463202[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11605463202.zip
Size

314KB
MD5

ecc256d355532540beb4c447d739f3c8
SHA1

1c6c4cc56544ed49535b9925e903a10de561ae6c
SHA256

7c273e7d752e9d26cddcd8c123597379891e35b073d16c8318450f5eed2e55b9
SHA512

25e014f957a412255f40b52a36c4ab0414e2613309a001f308a7c082b55984586388747f58525dca521a9eaf085ae052ea2e2d102141329c597be3a5d25ce276
SSDEEP

6144:OG4+jXCD0vhQEnoBqXSrG9xJTxUD+BZrCKFoFEY/Mk9nS4mHp5d:NXXCQiGCGLFxZBhCKDYUkxS4mHpn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e45a274847f9e507d078d28f6bf080bf8ab724b4f0e5553c32ff822690273061

Files

11605463202.zip
.zip

Password: infected
e45a274847f9e507d078d28f6bf080bf8ab724b4f0e5553c32ff822690273061
.dll windows x86

Password: infected

e42fab3fd7f83aea3aea34a6aa7b84e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

powrprof

ReadPwrScheme

ws2_32

select

winspool.drv

DeletePrinter

clusapi

GetClusterFromResource

user32

GetSysColor
DeleteMenu

gdi32

LineDDA
GetTextFaceW
GetTextExtentPointW

kernel32

GetBinaryTypeA
GetPrivateProfileSectionW
GetModuleHandleW
WaitForSingleObjectEx
CloseHandle
GetCommMask
GetTickCount
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleFileNameA

msvcrt

fputs
memset

advapi32

IsTextUnicode
FindFirstFreeAce

wininet

FindFirstUrlCacheEntryExA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ