c[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c.zip
Size

18.4MB
MD5

f0002d8619b7b75aeff6dfb753902606
SHA1

c4f2a36215a032e02b2481f5f2d69d0cb364d500
SHA256

db8fbd038ec444de11a63c65e948bf869062d7720f223de021b8049730aa20e6
SHA512

daca193dbead602f14f04a54ba95a204b289e3facb428ce4ff2cc2e45d09b7115bd1455f0db83c50dca9c07ba2018ae57e86b61f70920d87f4efdc331a9d85d3
SSDEEP

393216:15j69buEqwckGYIK0g7SqhW2r43uuwlM4/7ASg+Mzi0TKSbvzJlVffMJ:1CbuEqwPjD0WSqhgeuyP/7ASgC0TKSbO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/AME Wizard Beta.exe

Files

c.zip
.zip
c/AME Wizard Beta.zip
.zip
AME Wizard Beta.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

AMEWizard.pdb

Sections

.text
Size: 17.4MB - Virtual size: 17.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c/AtlasPlaybook_v0.4.0.zip
.zip
AtlasPlaybook_v0.4.0.apbx
.7z
Disable Automatic Driver Installation.reg