7596d403a523bd068beb438939d42612ad5f0868789077a86218ad85b056daab[.]zip[.]zip

General

Target

7596d403a523bd068beb438939d42612ad5f0868789077a86218ad85b056daab.zip.zip
Size

748KB
MD5

a841299df1deac1a21ea75ef364b3ded
SHA1

6294bf17e005ae402b01fc3589fc4852df24664d
SHA256

5552bb9df76fa83d94808647d42b05bfa7ad656666bbc5a1dd5f23da9b546b1c
SHA512

3fc1cfe129bd907a27d880dac84f95c5fd7fef0b24822b214620a5d1a2c6bb6581c24cab829c25050b84855e5100906b7c2ac7633e54afe268b16e69a464e4ee
SSDEEP

12288:CKY5xLeLRFPi+4O0E0qhS+FObnkBlExXGREwpQnAVA0na4A:aIRBrSDoR5QAVzna4A

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Shadowsocks.exe

7596d403a523bd068beb438939d42612ad5f0868789077a86218ad85b056daab.zip.zip
.zip

Password: infected
7596d403a523bd068beb438939d42612ad5f0868789077a86218ad85b056daab.zip
.zip
Shadowsocks.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 918KB - Virtual size: 918KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ