12246842769[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12246842769.zip
Size

22KB
MD5

85ebdcb6e1b71fa82928777c54b39da7
SHA1

8265ec4dacd30f30fb248965e38d78d6862d5be1
SHA256

8dea7f8f7069e26458c28f947aef4c8a18938c3b7486c5f8db242b510644d956
SHA512

aea70e8bd93558badc46d9892a04708fb0792cc2a08e93b3da8dababd5357f3b17e86a579573f4cbde2c30b68ba8a1893efe2daf01a05b83d30bcb11c4965531
SSDEEP

384:iuS+FCkZ8zMn5OxIK9YDEI8/x126INrsD7w74pvOQigAUtXEaPRtRgWus/P5G2O:it+FCkKwn5mL9Yrsxk3dsXw70bAUtXED

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/593b66565011f94844d9255dbc5a62851f649848a51d5553e355dc20e7ca7ef1

Files

12246842769.zip
.zip

Password: infected
593b66565011f94844d9255dbc5a62851f649848a51d5553e355dc20e7ca7ef1
.exe windows:4 windows x86

Password: infected

d627580758f3499c928997b2e73e2085

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATTACH
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE