29af04baccc2f78c47b423d466e9a7ac29122e43bd1b747dc1354cc8bb010efc[.]zip

General

Target

29af04baccc2f78c47b423d466e9a7ac29122e43bd1b747dc1354cc8bb010efc.zip
Size

5.5MB
MD5

f90b858c0d8c9b785269a1f1f87fea6f
SHA1

84c8018489decfccdac68fbae8b7aa43ed1fba24
SHA256

83d2af97b941313c3e1cb0b3aefd6b295c3323c0fe911f708b8ed45e85ab07f9
SHA512

bc421218c2bfba834507b353f1eee11ccd64a2da2369244c3ab953cb5ce96a7501b6b1e5bd1f67a6e4cb78652afeadcfa589a3faf94c81edf52d0edfdfc06a64
SSDEEP

98304:765EFs03+b5m6yVFVUXMtEDk9o7MF2olYDVNl0DK+2Q9cbSSGrDZhNJTAG1xfAAs:7SEn+8FVWgugFHwzl0l2bYNhzACq

Score

5^/10

Detect suspicious telegram bot 1 IoCs

Detect suspicious telegram bot.

resource	yara_rule
static1/unpack001/29af04baccc2f78c47b423d466e9a7ac29122e43bd1b747dc1354cc8bb010efc	suspicious_telegram_bot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/29af04baccc2f78c47b423d466e9a7ac29122e43bd1b747dc1354cc8bb010efc

29af04baccc2f78c47b423d466e9a7ac29122e43bd1b747dc1354cc8bb010efc.zip
.zip

Password: infected
29af04baccc2f78c47b423d466e9a7ac29122e43bd1b747dc1354cc8bb010efc
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ