malware[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

malware.zip
Size

70KB
MD5

c3adb3e2370c964162babae20c88c142
SHA1

e4fac0316d7aa81969ed906ccb9c900d9f3b6b32
SHA256

8bbd7978caf86b0f17690586225e296123d6664916e40a4b02a65cc605e4692b
SHA512

f672cf944b87c3df559cd3f0adb5acddc909638b61eb785be94e5592893cac0f415dee5d3cec8115dfd95a06c1dae34a7381eb7d12972142e53c58ccd7b989ca
SSDEEP

1536:MdpqTjKsG6Ig19I2EsQLR7I4+07RaF6QOSttt/qUnntR5GN45p8UgUqH:Mb6jtG6t1euQ24H7ZQOGtt/vntvNvgUw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rootkit.ex1

Files

malware.zip
.zip

Password: infected
rootkit.ex1
.exe windows:1 windows x86 arch:x86

Password: infected

68b959f526f1bb79907383ec0f4e13e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CompareFileTime
ExitProcess
GetCurrentThread
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
GlobalFree
IsDebuggerPresent
LoadLibraryA
SearchPathA
SetProcessAffinityMask
Sleep
SleepEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
lstrcatA
lstrcmpA
lstrlenA

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SetBkColor
SetTextColor

user32

AppendMenuA
EndDialog
EqualRect
FindWindowA
FindWindowExA
GetMenu
GetMessagePos
InvalidateRect
IsCharUpperA
LoadCursorA
MessageBoxA
PostQuitMessage
ScreenToClient
SetCaretPos
TrackPopupMenuEx

Sections

.dKVU
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cPBG
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aFUR
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rOPG
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ