665b6a60d7632273[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

665b6a60d7632273.zip
Size

12.5MB
MD5

1f2e7030f544e5608909dc27e9f7929c
SHA1

1963021ab679efb47c769c11bcbee375af7e36f7
SHA256

02a72c71e159ce8f9073614bccce2ffc48094aa01e9f8c314a032a5e100072b8
SHA512

65130537747efb0889d8f6b3899eef7fbd5085cd1d8c2226bdf8ae72de30a456f48b3ec1f6e11e44961daa55c663f97ce639cab84bbbe863077071d632790743
SSDEEP

393216:9byKuRd0I+j7bzqhYxdQeA3ilOqfhNclmDe8dp:9bLuROH3P7W31qfhNcaeQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Client.com
unpack001/Library.png

Files

665b6a60d7632273.zip
.zip
Client.com
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

�$<��6
Size: 1KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Library.png
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

oeYd
Size: - Virtual size: 11.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pYD6
Size: 12.5MB - Virtual size: 12.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eZHa
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
RunAsAdministrator.bat