zp2428m[.]bin[.]zip | Triage

Sharing

General

Target

zp2428m.bin.zip
Size

25KB
MD5

c28fb0aedb809bdee0eea643e5e193b9
SHA1

051cc80586e87ed1626fe3da94929b42c310d036
SHA256

4d0c920b668f601929c25b6a0d26dd9cdc1714b264eed97d89426f04f065b3ac
SHA512

17f463ff390eda90267b5dd4dae18f67fd08b38e42872ade52ec24e6e41e0e73597a607edfc1e398e39491a1a4b019ec1cd86c8a0fddd2dcbf42f75dcedc8ec6
SSDEEP

384:uqMEmO6Fekxr/6CXsFC+V+U6+XtEl/jEGvx8eqPO6EfE6tzy9TZIaXZgP7F:BTmO6fXsFzXtEl/VDMO6EM6ofuR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zp2428m.bin

Files

zp2428m.bin.zip
.zip

Password: infected
zp2428m.bin
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

b9690r
egvycv4
g2edau81
i34ly67vo
j30xhf9vfxb0
j8zikin56y
r2841gvq7
v232x941e
w06l60l31

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 230B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE