oinstall[.]zip | Triage

Sharing

General

Target

oinstall.zip
Size

20.7MB
MD5

2e08b34130ea197b35da5edad338afc6
SHA1

e28017f48bc91480310b734be002e37ac35179f3
SHA256

b651981ab7d61aad4eafd338eb4cc28c4a3adcc12bece603e13b38e5cab0b9ed
SHA512

b845db29555d28e84915dc743da364bf494286ead527af142d538a30eca10ebf1639cdb9b408ee4fd9abd757bdda05fa048f0a1be069d9eb94390ba317c27835
SSDEEP

393216:bxL2XqM1/DpZ3PDurrKVPOcz+e5KkLRErcTia5rkBgZCTsIvmVcOhK6Ff:tL2t/NZ3PDufKXz+eBdRlrknfmVd4a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/oinstall.exe

Files

oinstall.zip
.zip

Password: infected
oinstall.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10.4MB - Virtual size: 10.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tdhs
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qqfv
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hnce
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ