231006-cq92ysgf7s_pw_infected[.]zip | Triage

Sharing

General

Target

231006-cq92ysgf7s_pw_infected.zip
Size

4KB
MD5

16fbaae59d8d4047ade8a6ac3f1f766b
SHA1

f681da34dbeb4143459c4eb8613728d2584d1f12
SHA256

cd41f539e9a834587d546669523856ad7823fcf2680061c08439a96b0bc2c1db
SHA512

d80a175633eb6d8e10f2632f5b91018d319c31cb38a000f35804f4efbd65fafe874745c53be552f0b82156144bf1d29f36f0be565383f275f086a99f7d9e67bb
SSDEEP

96:4G4QR0bkO93HMwns/hSAZdBTMY8MRNERyY1+F1fcVK9mhWgy7jn:4+GMQsJSYSYx2yYQbkVUQWtjn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/svchost.exe

Files

231006-cq92ysgf7s_pw_infected.zip
.zip

Password: infected
svchost.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\j0k3r\Downloads\Compressed\Crypto CLipper\Clipper\obj\Release\Clipper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ