6c60859c1370cc70149b2249547a5c6f0959f255b329204b716c12bb91935308[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

6c60859c1370cc70149b2249547a5c6f0959f255b329204b716c12bb91935308.zip.zip
Size

97KB
MD5

f67a05701bbf1450b3491ef67739fa32
SHA1

0bbaf4ff3509c60459febf718c6e54d292520d89
SHA256

cc60b47cf73a393937ed69a39fbdedd7d8fe6350b3a22fcc553a078ae8ee0414
SHA512

771db2da4949770e60fb772b3e1e7bbd328b2f134eaae9e6c0e97ad72156ce539d3959b80cfb65d7636e3168d0f6f29a878aed50f94aaddddee807848c0d27b9
SSDEEP

3072:Iunxg8/GrgbJciBP8Uqy2d7xac+EoBhirBlDI:fT/SgbJZAac+BirfM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ITVisions_PowerShell_Extensions.dll

Files

6c60859c1370cc70149b2249547a5c6f0959f255b329204b716c12bb91935308.zip.zip
.zip

Password: infected
6c60859c1370cc70149b2249547a5c6f0959f255b329204b716c12bb91935308.zip
.zip
ITVisions-CheckUpdates.ps1
ITVisions-Commandlets-Directory-Test.ps1
ITVisions-Commandlets-Hardware-Test.ps1
ITVisions-ListIncludedCommandlets.ps1
ITVisions_PowerShell_Extensions.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ITVisions_PowerShell_Extensions.dll-Help.xml
Readme.mht
.eml .js
- http://www.it-visions.de/start.aspx
- http://www.it-visions.de/produkte/Schulungen.aspx
- http://www.it-visions.de/produkte/Beratung.aspx
- http://www.it-visions.de/produkte/Support.aspx
- http://www.it-visions.de/Produkte/Referenzkunden.aspx
- http://www.it-visions.de/produkte/medien.aspx
- http://www.it-visions.de/buecher/default.aspx
- http://www.it-visions.de/about/Contact.aspx
- http://www.it-visions.de/Community.aspx
- http://www.dotnetframework.de/
- http://www.it-visions.de/dotnet/dotnet3.0.aspx
- http://www.it-visions.de/dotnet/aspnet/start.aspx
- http://www.it-visions.de/scripting/
- http://www.it-visions.de/scripting/powershell
- http://www.it-visions.de/lserver/news.aspx
- http://www.it-visions.de/search.aspx
- http://www.it-visions.de/
- http://www.microsoft.com/europe/teched-developers/
- http://www.it-visions.de/scripting/powershell/PowerShellCommandletExtensions.aspx#
- http://www.it-visions.de/produkte/schulungsthemen.aspx
- http://www.it-visions.de/V/Schulung/Schulung/Produkte/Themen/dotnetSchulungen.aspx
- http://www.it-visions.de/V/Schulung/Schulung/Produkte/Themen/aspnetSchulungen.aspx
- http://www.it-visions.de/V/Schulung/Schulung/Produkte/Themen/csharpschulungen.aspx
- http://www.it-visions.de/V/Schulung/Schulung/Produkte/Themen/VisualBasicNETSchulungen.aspx
- http://www.it-visions.de/V/Schulung/Schulung/Produkte/schulungsthemen.aspx#Datenbanken
- http://www.it-visions.de/produkte/seminar.aspx?v=4901
- http://www.it-visions.de/V/Schulung/Schulung/Produkte/schulungsthemen.aspx#Webprogrammierung
- http://www.it-visions.de/buecher
- http://www.it-visions.de/books/n3c.aspx
- http://www.it-visions.de/books/n3C.aspx
- http://www.it-visions.de/books/a2c.aspx
- http://www.it-visions.de/books/a2b.aspx
- http://www.it-visions.de/books/ws5.aspx
- http://www.it-visions.de/download/download.aspx?Datei=/Tools/PowerShellExtensions.zip
- http://www.it-visions.de/about/rechtliches.aspx
- http://www.it-visions.de/about/default.asp
- http://www.it-visions.de/about/contact.aspx
- Show all
attachment-10
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-8
.gif
attachment-9
email-html-1.txt
.js
install (Visual Studio Compact Prompt).bat

Sharing

General

Malware Config

Signatures

Files

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

.text
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B