dd1200655c6acff2c7a4d4d3a0c86399a9f23823535e9e6224860a521f360678[.]zip

General

Target

dd1200655c6acff2c7a4d4d3a0c86399a9f23823535e9e6224860a521f360678.zip
Size

706KB
MD5

609649654585471122418bc46f544f27
SHA1

210a1e66374887d5bb1327e733eb0d33b3de100a
SHA256

064ee6c141605a6430242c8f1ff2ebd2564fd28ec39bc62e2d529c753101a560
SHA512

151b0905fac9a2c77f6ec2838248739dc01b81b2d630da35318778c28109784820350286e12166b3f78c936247b829b412a5eddb864df03477a1945b16731a05
SSDEEP

12288:yLbNXagcv9fP4Rx9/uCUpCMvFtWv5LXeuugml+rsk5N8GNnyw:GNXan9IlMvFtWtXlRcXgyw

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dd1200655c6acff2c7a4d4d3a0c86399a9f23823535e9e6224860a521f360678.exe

dd1200655c6acff2c7a4d4d3a0c86399a9f23823535e9e6224860a521f360678.zip
.zip

Password: infected
dd1200655c6acff2c7a4d4d3a0c86399a9f23823535e9e6224860a521f360678.exe
.exe windows:4 windows x64 arch:x64

Password: infected

47bc3e92e82cd9e4341a7101e4c32da9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHChangeNotifyRegister

mscoree

_CorExeMain

advapi32

GetUserNameA

user32

RegisterClassExW

kernel32

GetModuleHandleA

Sections

Size: - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 426KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE