1e9a457e1a02eb67419d8b9347893b0634096c892d9edf38e8a231852ef3ba0a[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

1e9a457e1a02eb67419d8b9347893b0634096c892d9edf38e8a231852ef3ba0a.zip
Size

3.9MB
MD5

70cbe28ab0f0c6d4d3dd2b5186a6d20d
SHA1

1ceec31e78d6992e9b0332a21aeba7bf9f4113d6
SHA256

9147689bce40c136b4d8a6605e198e0d7661765a33e29afbbd8aadca333401af
SHA512

7667570ea578f3f6539c011542ce1e7c8d25188ced3c94f09a1d3c14bd578e112261fa050257e62456b3aa70943f5e01bc557329a4b8948931996adaef2090f4
SSDEEP

98304:iXlkcotF58RcOB05yKsM0jYzoJHLn1KPb6bO2lAx:0ron58RBWh4jLn1Mb6bO2+x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1e9a457e1a02eb67419d8b9347893b0634096c892d9edf38e8a231852ef3ba0a.exe

Files

1e9a457e1a02eb67419d8b9347893b0634096c892d9edf38e8a231852ef3ba0a.zip
.zip

Password: infected
1e9a457e1a02eb67419d8b9347893b0634096c892d9edf38e8a231852ef3ba0a.exe
.exe windows:4 windows x64 arch:x64

Password: infected

f724bf854d48d0d9304afe0d4a20398f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LeaveCriticalSection
GetModuleHandleA

msvcrt

wcscpy

shell32

PathMakeUniqueName

advapi32

GetUserNameA

user32

GetDC

Sections

.text
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pexe
Size: - Virtual size: 5.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f724bf854d48d0d9304afe0d4a20398f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shell32

advapi32

user32

Sections

.text Size: - Virtual size: 29KB

.pexe Size: - Virtual size: 5.2MB

.rsrc Size: - Virtual size: 6KB

.pdata Size: - Virtual size: 4KB

.reloc Size: - Virtual size: 1KB

.reloc Size: - Virtual size: 5KB

.text Size: - Virtual size: 1KB

.reloc Size: - Virtual size: 96B

.reloc Size: - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3.8MB - Virtual size: 3.8MB

.text
Size: - Virtual size: 29KB

.pexe
Size: - Virtual size: 5.2MB

.rsrc
Size: - Virtual size: 6KB

.pdata
Size: - Virtual size: 4KB

.reloc
Size: - Virtual size: 1KB

.reloc
Size: - Virtual size: 5KB

.text
Size: - Virtual size: 1KB

.reloc
Size: - Virtual size: 96B

.reloc
Size: - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3.8MB - Virtual size: 3.8MB