11801691757[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11801691757.zip
Size

228.4MB
MD5

f85e16a74cdb3db7fe87394ebb81ccb2
SHA1

3e4a563583f8e88d0e36cb847c33af20dad9c9d3
SHA256

39edb1f25b9cb111301aec02e38326c95272bbcabb142ed8c7845600c50771e0
SHA512

4bd38d658309d2913a32057f524ba0df2852204d711e4aa03fc0c3f531b1a400fd114af81ea3f8d26e30d564143e82d5f5f705aea44b6f4860cf2cdc02478904
SSDEEP

6291456:cUa3YOLiEd823MZYqQ/Spf0tpSg+kZcJzMgrPdVD4ze:cl3Y8i5mMk/B9ZcJwodVkze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/20aaebe94107b3c0c625f434ca1ef50c8907926c8047e6f7644db64455a738fc

Files

11801691757.zip
.zip

Password: infected
20aaebe94107b3c0c625f434ca1ef50c8907926c8047e6f7644db64455a738fc
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 685KB - Virtual size: 684KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ