infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

infected.zip
Size

5KB
MD5

a69f597b59963494b25862f6b75b8056
SHA1

77d37a045b3d2e124aac0aaab28f772426c6b4b0
SHA256

b3e6558151703dbf501c59654ae3a23ca40f7674ae248c67e5a5a1c1cc456800
SHA512

3b81e25907477f81f4b9b16d361c37e511907779215e023715385a2094fe9cd97ca03914e382f8300120ba745f5c965be6935397dbc070a87d615e6380f7e7fa
SSDEEP

96:5tUznKDbV/qONyiGNnw6On8R9GAF+P70AvP1Ezv14CLi9xnZqs2M9zMJF/FmBJ:PUznsi6yiGRV+YAv9Er14C+9FZq+YP9O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/打开我.exe

Files

infected.zip
.zip

Password: infected
打开我.exe
.exe windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE