d[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

d.zip
Size

45KB
MD5

14174e51f952991ff03eaa4a2b3ea2c5
SHA1

ebd84d82aa8d0032c269ad1b2cae24f4ce9f7826
SHA256

69dd930cfdc5711536e0bb5f8260bb203b83364fcf6b3dfbea3f02a3ecbab9e1
SHA512

e287ecd8e8d8b8334ae2e2341906bd1516c17d7ff92231da4a390e47f9af1bf88fe338f41c684b8fed0d9a20e464a573037050d02d8ef71e7ab7ac17ca31cacc
SSDEEP

768:2l820JsSAx9xlErjnytWq375qCIO208H70/AHU0VDgoUkD2PfGDLot5BLNPYoOVv:CpWOEfyl3trP29HY/A3mhki5BLNPl+X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d/ipepython.exe

Files

d.zip
.zip
d/START.bat
d/ipepython.exe
.exe windows:6 windows x64 arch:x64

a1304c4778128720e89539bb55752e4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

W:\IPE_P1735_V2\projects\ipe\python\objs_win\Python-3.8.3\PCbuild\amd64\python.pdb

Imports

python38

Py_Main

vcruntime140

__std_type_info_destroy_list
__current_exception
__current_exception_context
memset
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_seh_filter_dll
_cexit
_crt_at_quick_exit
terminate
_get_initial_wide_environment
_configure_narrow_argv
_initialize_wide_environment
_initterm
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_execute_onexit_table
_set_app_type
_seh_filter_exe
_c_exit
__p___wargv
__p___argc
_initterm_e
_exit
_crt_atexit
exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

kernel32

IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentThreadId
GetStartupInfoW

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d/text.txt

Sharing

General

Malware Config

Signatures

Files

a1304c4778128720e89539bb55752e4c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python38

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 576B

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 512B - Virtual size: 40B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 576B

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 512B - Virtual size: 40B