sample2[.]zip | Triage

Sharing

General

Target

sample2.zip
Size

3.4MB
MD5

1d25f13d93b8225ec6fad14d868025ef
SHA1

f38b28eecc5a88ae3cc147f6e953c5f34514568a
SHA256

341a06e1cc43962efe30ea6928b5bedd2b4a4aed1044be921392708965557267
SHA512

069768c64cc7c4df1ea7779ebc8343b4252de7d826df4178e9a2f98204dcfe559f917d05003fc8e73965a94dcec6f888a959ef354944237773e0251495a3f88b
SSDEEP

49152:kZMGCbEeTLYkzDfXjBcIS3svKJZpoiOMMhTqrN4NGH+nH5T9jV9HKtRwqrk:kZ9OEeTLffw8mpg8N4NGaZJWXdk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/ae12bb54af31227017feffd9598a6f5e

Files

sample2.zip
.zip

Password: infected
ae12bb54af31227017feffd9598a6f5e
.dll windows:4 windows x86 arch:x86

2e5708ae5fed0403e8117c645fb23e5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
CreateProcessA

msvcrt

free
_initterm
malloc
_adjust_fdiv
sprintf

Exports

Exports

PlayGame

Sections

.text
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ