shablon-na-post-tehn_FDnxHWOhZm[.]zip | Triage

Sharing

General

Target

shablon-na-post-tehn_FDnxHWOhZm.zip
Size

6.6MB
MD5

7243fd2bf61a08019de644721fc61d33
SHA1

3c2b89c81c767ebcaf12ce43d12e205999538657
SHA256

ada094d07a92d8c953d91e33d3d3c7210ce1a0a6d3ab52fcb76855e785236247
SHA512

45ed4d81d58f2a51c2e536474eaf9d1f2fb3923940d28f33a35fe41bc645b4e97b2fd0711a5e70b4c1ee2ad4e3edd9aab96d1b9bdd11d96bc0d42048fc49d0ff
SSDEEP

196608:V37DstF1Ler8XGHLYMQfiuE4kg4D+mvcw3:VLkFpE8WHs16uE4fqvj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/shablon-na-post-tehn_FDnxHWOhZm.exe

Files

shablon-na-post-tehn_FDnxHWOhZm.zip
.zip

Password: 123
PASSWORD 123.txt
shablon-na-post-tehn_FDnxHWOhZm.exe
.exe windows:1 windows x86 arch:x86

Password: 123

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ