16531720700[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16531720700.zip
Size

276KB
MD5

63aa6143a3bfd2685c649f16c3fefb56
SHA1

cd478968d577783c1a65516f86c61d7337613485
SHA256

a539440f8fe4708ed44dd623221016597688a8dda540ec1ca2cea2851c1a8f50
SHA512

3b7dae25d64a789cc0520382c6cb1903a23b09a8fa18074fb7ac10e87b649188686639a99242e467b416bdada3b757661e6d0ff9ad5a9052aa01302d5f7d0267
SSDEEP

6144:8EiWHoDghfp6kYtMl+3Mt4wOpSdmdSUlZ/f0XNF9ldXGu:8EmhtMU3INESd0vC9LN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4ff537fea79e85110898e75d695d2260a54b31f76a16ce294f98bb4c47d0dc0f

Files

16531720700.zip
.zip

Password: infected
4ff537fea79e85110898e75d695d2260a54b31f76a16ce294f98bb4c47d0dc0f
.dll regsvr32 windows:6 windows x64 arch:x64

1eac294fb3b72b73a74f7307896da07c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetProcessHeap
HeapAlloc
HeapFree
MultiByteToWideChar
SetCriticalSectionSpinCount

user32

CloseGestureInfoHandle
GetClassLongPtrW
GetWindowContextHelpId
GetWindowLongPtrW
IsWindowVisible
MessageBoxA
RegisterClassA
RegisterClassW

rpcrt4

RpcServerInqBindings

shell32

SHGetFolderPathW

Exports

Exports

DllRegisterServer

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 933KB - Virtual size: 933KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ