1627e3f3cd96223d4654ae6aa7cf334946463494f19e272e88ee36909cc37a99[.]zip[.]zip

General

Target

1627e3f3cd96223d4654ae6aa7cf334946463494f19e272e88ee36909cc37a99.zip.zip
Size

568KB
MD5

aaa1d21466636a85a53d393d746319e7
SHA1

c31e200d51fccce628e4059f009e78a05ada781b
SHA256

325ab6296b7ec8963a8372fdff5c9487ccfdd696cf8b65e4a8641a7e53f148fb
SHA512

92afcad9ee07d4e4272828f03cba545e6cbfcd6ba954c3394dcf14c8b67dc0fc7024dcc462c1c1732572cc925fbd02021a27390590244472f87ee0b17a24efdb
SSDEEP

12288:SsqH5Q0Tkf7gtS6OaZ/aRUuCg/kDlFgS+wOXdcx2YDWkUcp:SsqH62kf7gtJOaZio7Dlq3Xax2bkUcp

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/adobe.snr.patch.v2.0-painter.exe

1627e3f3cd96223d4654ae6aa7cf334946463494f19e272e88ee36909cc37a99.zip.zip
.zip

Password: infected
1627e3f3cd96223d4654ae6aa7cf334946463494f19e272e88ee36909cc37a99.zip
.zip
adobe.snr.patch.v2.0-painter.exe
.exe windows:4 windows x86

416af365bd0075002ad4b3999c9e9a47

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

SaveDC

ole32

CoInitialize

comctl32

ImageList_Add

shell32

SHGetFileInfoA

comdlg32

GetOpenFileNameA

Sections

.MPRESS1
Size: 556KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE