44d3285bc61dce9e76355aa7854087fc8ac5bedfb37939418cfd75f1fbc04634[.]zip

General

Target

44d3285bc61dce9e76355aa7854087fc8ac5bedfb37939418cfd75f1fbc04634.zip
Size

128KB
MD5

fee76d9e07c9fec268e191f66be8a2b0
SHA1

edd137b1f6cb41d7be893c9516de6519f3f4a059
SHA256

a8491372913d6a7b778ee9da0af36e2c7c126220841df861accbf42cb74d4e77
SHA512

17d35a6be965f40b40e7aee84bcfe1184ae277161109b45aa439566a599c33c8943d3937b79de8ec5936611a381de72edef70dd1982a3ad212914e18339dfc01
SSDEEP

3072:E4KbOUAUZzxSi9fwW+QNnq6xlUDylhg3LZ/P:EPbtFnfwbQNq6vKam3LZn

Score

5^/10

Detect suspicious telegram bot 1 IoCs

Detect suspicious telegram bot.

resource	yara_rule
static1/unpack001/44d3285bc61dce9e76355aa7854087fc8ac5bedfb37939418cfd75f1fbc04634	suspicious_telegram_bot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/44d3285bc61dce9e76355aa7854087fc8ac5bedfb37939418cfd75f1fbc04634

44d3285bc61dce9e76355aa7854087fc8ac5bedfb37939418cfd75f1fbc04634.zip
.zip

Password: infected
44d3285bc61dce9e76355aa7854087fc8ac5bedfb37939418cfd75f1fbc04634
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ