Static task
static1
General
-
Target
2 Samples.zip
-
Size
903KB
-
MD5
e3dc682b27a162fbe9639603ba7e044f
-
SHA1
477b0d1f1c70648dd765efe2e972de0a39669b80
-
SHA256
9115f4802d6e4b60203824b6a8dfcd264945dba3a63619aa515e9da5511ed5cb
-
SHA512
dc108ea56a9b8da8270a11595dd44d30c7598d6a8dbbb1b191432057a0119569cad099c112315e341064a0c141bbf43f1326e6743ee91a04aca85f0d97a501c6
-
SSDEEP
24576:Oty9YbGkRxMiiedEe8cCTKVF6AcO03HSeEqYVB/JDd2a:Oo8rmfgf8cYKVF6TO4yCc/JDIa
Malware Config
Signatures
-
Unsigned PE 2 IoCs
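Checks for a missing Authenticode signature. Taken alone this is a weak indicator, since many legitimate programs are unsigned; note that both flagged files carry names resembling Windows system binaries, which are normally Microsoft-signed.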
resource unpack001/1699835572-explorer.exe unpack001/svchost.exe
Files
-
2 Samples.zip.zip
-
1699835572-explorer.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 588KB - Virtual size: 588KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
svchost.exe.exe windows:4 windows x64 arch:x64
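c78a8260f9a15829e711e4a9385a8f0b (unlabelled in this report; presumably the import hash, since this is the only file with an import table listed; confirm against the original report before using it for pivoting)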
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shell32
PathMakeUniqueName
mscoree
_CorExeMain
advapi32
RegOpenKeyExA
user32
CharNextA
kernel32
GetModuleHandleA
Sections
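Size: - Virtual size: 280KB (section name blank in the report; no raw size is reported while the virtual size is 280KB, so the contents are presumably populated at run time, a layout often seen in packed executables and worth confirming with unpacking analysis)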
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 456KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
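Size: 102KB - Virtual size: 102KB (section name blank in the report; per the flags listed below, this section is both writable and executable, which is unusual for compiler-generated code and worth examining)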
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE