Win32Bancos_orcamento[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Win32Bancos_orcamento.zip
Size

2.2MB
MD5

f3cb143fd261fcefd311bb34ac3d9966
SHA1

49a173f2d78c5e84f9c276bbecc9ae67abc9b4e0
SHA256

5a4d78b9e26b19c157c1f87965e6acf45b4f0cb38f1b783aefd79a98fff2a5d9
SHA512

d0ba1fd5a9ce6dba3e567e06796aefa4fdfaa4fcd214f64ff8570dd4162dae905eb156eee4906e192ed5ee120878bf86dcfd81efae0b39c3e3dffae873d74f2b
SSDEEP

49152:9MNhu8mSLfyou2Ae4IzVPDmGtGS4C/wiq:qHuNSLo27hPDrtr4C/3q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6ff20045b91f1b09c1c6e163276b64cf25a03bc29aca4a043157ab289c75677a

Files

Win32Bancos_orcamento.zip
.zip

Password: infected
6ff20045b91f1b09c1c6e163276b64cf25a03bc29aca4a043157ab289c75677a
.exe windows:4 windows x86 arch:x86

Password: infected

6fafa75c1644662e59fc8c5717f5a79b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

comctl32

ImageList_SetIconSize

shfolder

SHGetFolderPathA

Sections

CODE
Size: 2.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE