Static task
static1
General
Target: MDE_File_Sample_5a277f9a2a691675c366dc19b98e16cac3431f19.zip
Size: 11KB
MD5: c9d7965b7520d0c3ca17894e978680db
SHA1: 7f4eb491f664071ed28bcd193079a77a0d463ed1
SHA256: 86fc19f3f2872fe8377e973c22f4452a7e2dd67b01c9c9e4f16487e0512625f6
SHA512: baadb71506ec0cb81e41157d551b05f46453c6380dc4f3a0f3ad2c6d8a06d55ff49bae19734083999a3ed45a9c30a9965fbdb52d099b55f877771640238d1e5b
SSDEEP: 192:VBXz2/ptUthOGdtT7bWxGbYg2LsjBEFpw3Bj1ySEnJY9ZGg9:TXzipOrO+iTZFpaBj01nVw
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/svchost.exe
Files
MDE_File_Sample_5a277f9a2a691675c366dc19b98e16cac3431f19.zip.zip
svchost.exe.exe windows:4 windows x86
32ea871963a26405a921f9902baefdfd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
MethCallEngine
ord621
ord516
ord626
ord666
ord598
ord631
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord608
ord716
ord319
ProcCallEngine
ord535
ord570
ord648
ord573
ord685
ord100
ord579
ord320
ord321
Sections
.text Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ