240328-2npexaaf8x_pw_infected[.]zip | Triage

Sharing

General

Target

240328-2npexaaf8x_pw_infected.zip
Size

1.8MB
MD5

0cba41fc9aa4b75d30768d777d86de9f
SHA1

28ee994eb6b8df924a07e3714f67f17815392608
SHA256

c979181926592d0356b6d1cce88d6666b8636793b344aafe0f766cec719b3eb8
SHA512

983e88849ce430cdf661c8cf3aa54202fda9b06c04d11aec7816dde9f6dd1b86c6d375c22ec8a920f5b882382237e06c99208b1e2d8dd9c04f6287b95107b293
SSDEEP

49152:HLbRDjb8nntIF/CjDtUvy4l4MbMswyZQPp3/gqV:HfRDvYnWhCjRWy4UsBZ23/g8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/c643ac1729b33660a218af7260f0a8b3230c1ef8795d21528479396dfd491ccb

Files

240328-2npexaaf8x_pw_infected.zip
.zip

Password: infected
c643ac1729b33660a218af7260f0a8b3230c1ef8795d21528479396dfd491ccb
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 186KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fjnezbud
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eexrsies
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE