a05b46db2a55d5a43e3fa265c9f2d69b173acc14cfc50f4a84c5ade8a65bcc43[.]zip[.]zip

Sharing

Target

a05b46db2a55d5a43e3fa265c9f2d69b173acc14cfc50f4a84c5ade8a65bcc43.zip.zip
Size

2.2MB
MD5

3d5a19c8d2046aa5013cd44ec47a4d40
SHA1

ce28658a2a1d41a154230eee90433cf86f38786d
SHA256

d3411f1c9d5188ff340f3db3350f15ebd6eac928a480fcb3951c88f5fa70e093
SHA512

bdf94a2e2c5734098874e424f0a550d8cae91f88edf71f7aeb3a601555ede54944e7f1981ed45334e2610d55cab2b8ce2a42a632ea4a76a9bf19436440c2aeec
SSDEEP

49152:l5uw5cW8gU2ZhpTWXCCFi0i1DTxDnSXMXaa0dW0:+Wf8OpSXCCFk1D5oMXap

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Shadowsocks.exe

a05b46db2a55d5a43e3fa265c9f2d69b173acc14cfc50f4a84c5ade8a65bcc43.zip.zip
.zip

Password: infected
a05b46db2a55d5a43e3fa265c9f2d69b173acc14cfc50f4a84c5ade8a65bcc43.zip
.zip
Shadowsocks.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
步骤1.png
.png
步骤2.png
.png