0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802[.]zip

General

Target

0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.zip
Size

561KB
MD5

e01e7ff183acb83e906783afe6492216
SHA1

626c70560d12ff11ee2cb53bea789c7048c374b8
SHA256

82b3fc5c0257a257cade9bc60449698dcdc20889281fecba8cb6c04fc3a0c892
SHA512

b2e68e9d9234ba5f445bd49eaf072ec43c0f81c9358204d78e63a1c92fa081da47e023246ad265c21750a8094799849cc017377d1f45b3e14bde8f11466c0d0d
SSDEEP

12288:rDhNekpgZKlITNdJa8XYxOvOUVVr6hileNbgNcdSAuqAPv/wjEQb:3hNekiZKaxddoI9zJE1gNAS5//wAQb

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll

0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.zip
.zip

Password: infected
0457768f9d8d70ff59275c27bc99d45c1c48cf1e932d29c3f2e9d5e037acd802.dll
.dll regsvr32 windows:6 windows x86 arch:x86

Password: infected

fd5af0ab7a5a3177d30a084a47566c4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlComputeCrc32

kernel32

GetCommandLineW
lstrcpyW

shell32

CommandLineToArgvW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data2
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ