28b625770e06136f9da9a0896b1ff64e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28b625770e06136f9da9a0896b1ff64e
Size

9.5MB
MD5

28b625770e06136f9da9a0896b1ff64e
SHA1

2686cbc365ab16d91f8d1c85731c093d05f572e8
SHA256

68bf39789573e86c2863495643f923eaefefe39bf2dd985edd5d1abd4896983b
SHA512

0c7db88109561743458c8b87e4b9762ec1259dca47fc27622d920ada9fbfa24b608a963f0c2bce1c14dedf831ca6555476c8c8fb4022fda2f800d682a59a75b3
SSDEEP

196608:iBWrcrVXOAPmlazUIypAeQzltU9IPOZt2rJJjsKn8ew488BX4/mV:drcVqgoIAHQzl29IPCt0h8evBo/mV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zc.exe

Files

28b625770e06136f9da9a0896b1ff64e
.rar
zc.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url