Test[.]zip | Triage

Sharing

General

Target

Test.zip
Size

221KB
MD5

f6a628e44f643be113bc0ed354009162
SHA1

52ae956f908e74a051c453ea2872cfe4b8a3b257
SHA256

b578f685626a6e12034d3268fb559a7c477ca73cee15782a780e5696ba208f16
SHA512

be22d020cacf882929ee6d1da29867d23f1b5a544ea179f5ab8d8b02360d6356340010b52d08b1130947bb6cd8a0f5079af386f1ace1e2c4ac7cb687cec0e0ea
SSDEEP

6144:H0kdBwFAgFngrnNkH1PtzEA9Lt3cB6LFwj8q6YWynQGJF:UiwFNH1lD5tLTmjn/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ARCTE-2082/Microsoft.VisualStudio.WebHost.dll

Files

Test.zip
.zip

Password: infected
ARCTE-2082/Microsoft.VisualStudio.WebHost.dll
.dll windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

JWT1n
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ