Downloads[.]zip

General

Target

Downloads.zip
Size

3.4MB
MD5

239c75189a4ef8b0ec5964c8df7f62de
SHA1

3a0c5ae91de7cb381983322fd28d6480d03a674a
SHA256

e4ba341ac564f3a660bc904324382f00b099c2cba0ab4d682e8b4d508b02d546
SHA512

a1862e9248f72b716672e90ed21f56acf45c3dc4ae2583ed27c5d0f6cf6f1aff23d5ea6e82648cd26cffb215b1018509a1d8d582801b49b811e7f8057ea5bf4c
SSDEEP

98304:oVa7T352cWKaV+S4j3sgH9rGsJioKmG2U:3TJbQ+SunHpJgmTU

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ExtremeDumper.exe
unpack001/ShibaGTGoldLoader.exe

Files

Downloads.zip
.zip
ExtremeDumper.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KsDumper11.v1.2.zip
.zip
ShibaGTGoldLoader.exe
.exe windows:6 windows x64

8d5f2269d8df9e6a3c016f6750afd080

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

PathMakeUniqueName

advapi32

RegCloseKey

user32

PeekMessageA

kernel32

GetModuleHandleA

Sections

.text
Size: - Virtual size: 881KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pexe
Size: - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 512B - Virtual size: 12B

8d5f2269d8df9e6a3c016f6750afd080

Headers

DLL Characteristics

File Characteristics

Imports

shell32

advapi32

user32

kernel32

Sections

.text Size: - Virtual size: 881KB

.pexe Size: - Virtual size: 620KB

.rsrc Size: - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 824B

.text Size: 1.1MB - Virtual size: 1.1MB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 881KB

.pexe
Size: - Virtual size: 620KB

.rsrc
Size: - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 824B

.text
Size: 1.1MB - Virtual size: 1.1MB