230901-wwrmcagh39_pw_infected[.]zip | Triage

Sharing

General

Target

230901-wwrmcagh39_pw_infected.zip
Size

6.4MB
MD5

55501a20f55c15bcec9e50101e9e3bb1
SHA1

2d98c84a6002838f84b61eaf8c921daaeaf09a0e
SHA256

17188840e0be125d91b563f879529132aad5bbd5a74ac10065216d55514ede53
SHA512

04e9648ab2ef24bb7dbfbab822281de8f8a287ff1ec1e8154ab77936cb872848289ddaa10147450cac37f828ce3bf2f3d95134ed3060496b36417903f08f916a
SSDEEP

196608:HPEI85ib5l6tMiLVcbgaYUVcVhX13yXv6Pq1pENN:HPEi5l6t/VhGiPfN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/526613447e3fab1375062a6cd1a92f9494d712f1384f850ef46f364a6cc1a411.bin

Files

230901-wwrmcagh39_pw_infected.zip
.zip

Password: infected
c624568e033887437008f25588e3d9ce_JC.bin
.zip

Password: infected
526613447e3fab1375062a6cd1a92f9494d712f1384f850ef46f364a6cc1a411.bin
.exe windows x86

099f20f175e7be818172354f31e4022f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CryptDestroyKey

netapi32

NetShareEnum

msvcr110

free

Sections

.text
Size: - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.[dN
Size: - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.N{q
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.?HO
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ