5BDE82E8A6F128A4[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5BDE82E8A6F128A4.zip
Size

3.0MB
MD5

5cbb47e6cb1af823903305ce4366784a
SHA1

e83e2ae0e2365b6049a8f8e1815a9fad5cd47c59
SHA256

5dd138036fb739fe4c3531ab9c257bf761dbb2264f8e6c46c1414564599fcb51
SHA512

d96064b9fa9b93a4b9399ae9a5656bebb1fc2928f847b00ab438b921ecfbe3debe45ae442ca5f20f11337bcb0635fb01e37b2cc9f6ef3d93273b1693e4bcec17
SSDEEP

49152:9R3uCFAyYwytmEkQjBQuYKYvxgeyjSMcgsL4BVwhNmcb2iN0d3Nj:72fpjzYvlK5sL4BVkbb2s0f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/29b02c9743eda0b5bdf4478ec1bf1ffeb65a7c9ce196111c8fb3bef6694a705b

Files

5BDE82E8A6F128A4.zip
.zip

Password: infected
29b02c9743eda0b5bdf4478ec1bf1ffeb65a7c9ce196111c8fb3bef6694a705b
.exe windows:6 windows x86 arch:x86

48d4a6a3111a18b082fa3638b1568f64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gYT
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uv_
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.2Rv
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ