8f199a44ccdae77468e901502b31b528ba346f29e1da0594148a726e14c4ffa8[.]zip

General

Target

8f199a44ccdae77468e901502b31b528ba346f29e1da0594148a726e14c4ffa8.zip
Size

123KB
MD5

560401c283c59899ad9c14839c9fbee7
SHA1

3c2d5b7f4760042f38d0dfee253c745da38c765e
SHA256

f0a75fe37ee60efeb5a89a0491d8c718f4f00537f8ed34612ead6bffe853c897
SHA512

44e5bd71910791244af3df7250a3b2a5a8ff53777734c779cb006e51945960d38a5147d506559945abd1812fbf27b60df4fe05de9de9fad6eb7692d9c78c20fd
SSDEEP

3072:kVhpX2gc5pODo0g3oAzeX9PJAV985HSKeHF/FFFbjID01yq:kVhpXv3DoX+9PJAP85HSKexZjISyq

Score

5^/10

Detect suspicious telegram bot 1 IoCs

Detect suspicious telegram bot.

resource	yara_rule
static1/unpack001/8f199a44ccdae77468e901502b31b528ba346f29e1da0594148a726e14c4ffa8	suspicious_telegram_bot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8f199a44ccdae77468e901502b31b528ba346f29e1da0594148a726e14c4ffa8

8f199a44ccdae77468e901502b31b528ba346f29e1da0594148a726e14c4ffa8.zip
.zip

Password: infected
8f199a44ccdae77468e901502b31b528ba346f29e1da0594148a726e14c4ffa8
.dll windows:4 windows x86 arch:x86

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ