16874189602[.]zip | Triage

Sharing

General

Target

16874189602.zip
Size

3.1MB
MD5

a1109d8a157a6189bd24c6f491c04ac6
SHA1

26034a6a90282cc6483e282eb3b8f066217b79a9
SHA256

71a4d395499af1cf4349bea2860f4da8aabef2136205cd1a3898bc707bd4aef8
SHA512

5764e9ca0d0b13c340845baaf44e6a64ad8680292dc5f9d963d4c12d861d8b8dd52aed9e920bbce754fad97ab62615cb84ec29e174ecec331622a5826cc0b312
SSDEEP

49152:dZAx2UD7vmMJLVD3YqC+g/zAePhr3g1aQMO88+cmzAxpnS+e6P/QrjOh:dZAoyb/JBIq5feP9g1lMO7bnS+5nQrjI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fd320a755022e6c79c245ad70e2324f6640feb23ef0787d2d54a572b90cabadf

Files

16874189602.zip
.zip

Password: infected
fd320a755022e6c79c245ad70e2324f6640feb23ef0787d2d54a572b90cabadf
.dll regsvr32 windows:6 windows x64 arch:x64

Password: infected

fcd5efe7a331cd5b6ab631b44b9b48a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
CloseHandle
GetLastError
GetCurrentDirectoryA
ConvertThreadToFiber
CreateFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
DeactivateActCtx
CreateThread
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualAlloc
MultiByteToWideChar
HeapLock
HeapUnlock

Exports

Exports

DllRegisterServer
IXG
Jzt7B
Xgmaiv67

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ