0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802[.]zip

General

Target

0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.zip
Size

561KB
MD5

64439bdd77707b03d74f3236758aeb27
SHA1

2f4b3468ffb8165dbf4dabbf1e9a713376eb31df
SHA256

171a1ec29ffa94e5563baf4b7d240ab47690b35d15370ce8ce4633fbb1eeb755
SHA512

f045051f30394a7c7a0b29e50ac09c0c240b8c51651c26448fe8ed7dea7fc616efb3b2b1a94968e06b0ef17542b8811b6e91964b15e7078b36e197eb93f04ed9
SSDEEP

12288:x/Ej0XxUY2l/bO7R5Qni4BJ/sMVrfLG6tyzOYN:x/5uNlgR4tiMVTa3OU

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll

0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.zip
.zip

Password: infected
0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
.dll regsvr32 windows:6 windows x86 arch:x86

Password: infected

fd5af0ab7a5a3177d30a084a47566c4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlComputeCrc32

kernel32

GetCommandLineW
lstrcpyW

shell32

CommandLineToArgvW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data2
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ