240422-qz4s7aca82_pw_infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240422-qz4s7aca82_pw_infected.zip
Size

1.8MB
MD5

bf3612946171371ce5ae3a2c30baa203
SHA1

b46c7e719350cd9520bb445d4ca79b9a2ea7c1ff
SHA256

c5fe4add256343f72ea67d52dbd2b1c80e2cd4cf3379ff2050c9c2eb94f17977
SHA512

0d7922e0e58730c24f8b2f53f1b557d012747d5e25d2f61c12478fbd36932e2e1d1f73ec0226ceb4d89f959fb35edaa3d7ca9e79a1d1aa84fe7dfec37674a5fe
SSDEEP

49152:EsGEZ0E/tGjW9R5NMXPV5G9JipW/AvONze2gVH:pGEmEoW9R/U2JipQDzetF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ab086166033bba92bd5c083808261d098b50fa5e9d87db594d6cee66127c7102

Files

240422-qz4s7aca82_pw_infected.zip
.zip

Password: infected
ab086166033bba92bd5c083808261d098b50fa5e9d87db594d6cee66127c7102
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pfqsnzca
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

clicvmxf
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE