240325-fj7j2abd51_pw_infected[.]zip | Triage

Sharing

General

Target

240325-fj7j2abd51_pw_infected.zip
Size

1.8MB
MD5

95998b04997780888c0e8725c740beda
SHA1

b44bb97dd00d2dd46cab1c91856821adf6cdf9fc
SHA256

cb78ff8b50a5f4ddd6b10283cb1e85b1787416538b4f100c0dc99b521e19dab6
SHA512

00728981c24b4f61f6a0c37937ad7eefaf6e62502e76ffa955d6589c467cb33d7b10aa9eb993de80ec6bf3f5b25699d801b480ef08c922c4a0d0c5af6298742b
SSDEEP

49152:HEySOTTl/MP/yw+hubgkgtG0heikcGKQP2:kyRTh/MP6RhujsiikcDX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/68896184a0a231f1b18342108f0d9489d452fe49054a694ab3c191a07ddc432f

Files

240325-fj7j2abd51_pw_infected.zip
.zip

Password: infected
68896184a0a231f1b18342108f0d9489d452fe49054a694ab3c191a07ddc432f
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 186KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qqrsewtd
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mcthunke
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE