General

  • Target

    vozer_promo_pass_infected.zip

  • Size

    53KB

  • MD5

    5d8c03c354500fdeaea2d5969f360712

  • SHA1

    d3a0ff8a84eda1939eb796e3d07b2a9ab7a5a0db

  • SHA256

    324c0102bae77f7829b0c441875565b1f31f2e57757958a261b9fcef7345749a

  • SHA512

    ce58ea5b60ec87196d54ca81f5f3024771c65106b520751ff1ffb329681c033a48bac40adb09a3e572017ddf7bb722e9cdbef207a41ec44c532f44df7529942c

  • SSDEEP

    1536:s4ZN6iF9Ejlp4LrJHtQeCbLpdU6yWUfLeGafDNl:jL3EjlGL0ZPbwLePDNl

Score
7/10

Malware Config

Signatures

  • Obfuscated with Agile.Net obfuscator 2 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • vozer_promo_pass_infected.zip
    .zip

    Password: infected

  • Promo Materials for Bloggers (Only PC).zip
    .zip
  • Contract for collaboration.pdf.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • Logo Spotify.png
    .png
  • Promotion video from Spotify.mp4.scr
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

