s[.]zip | Triage

Sharing

General

Target

s.zip
Size

109KB
MD5

749d7876d8999d9b8389ef866ba926b8
SHA1

7a92f5fb0c219959d234fc972e850490dcd4128d
SHA256

0fb7388c69ef9d2d892e6edc7eff8c86ce6f6659c88d347234acaa1a382e22ba
SHA512

78e28025c8f8627c39c29a40b451190001b43c936dd97aec488f3479796d3782a5654fa95781fde9eb0eed683f86c0c828108059d75ef0bd8e717e20c33e8615
SSDEEP

1536:10d+vSnOjo6B6UH4HC+xCa+PWbFnggILRcl2kCpJz6Fuzp8PwMyuaPBv7Fwv2ejR:1uuSOjGUHQBbFrvWp56oCPytHwv9qq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/hey/superstring.dll

Files

s.zip
.zip

Password: infected
db7cd6d0f75ddf78e0e6e09119d9071df07b50ef3f5289d474921adba4f35047.iso
.iso
Document.lnk
.lnk
hey/superstring.dll
.dll .js windows:6 windows x64 arch:x64 polyglot

a52e5c67083c9a6469ce9283f8b67c82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObjectEx
CreateEventW
OpenEventW
VirtualAlloc
CloseHandle

usp10

ScriptStringGetOrder
ScriptGetFontAlternateGlyphs

ole32

OleQueryCreateFromData
OleTranslateAccelerator
StgCreatePropStg

Exports

Exports

MMdIfEzjTRTMf
PrPLlcFIDhjM
RbijOueUefJVZaM
TDvVBhCTzraQ
TdPDbFrAWSPdEKqZ
VRLfArwvMiEFiGx
VTRItTHWuSOqXxqr
VgxXOnyXxBAJK
fuadsyguasgduhaisudjyuagsdua
iasfsgpELrVmJ
kRNIciuuPyv
qWsGwsFPXXwN
rmrKKkuldHY
vMjDGnbaECjI
wPSEHNPbjettJ

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 721KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 534B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grHx
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hey/twelfth.bat