explorer[.]exe_0x4c80000-0x1a4000[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

explorer.exe_0x4c80000-0x1a4000.zip
Size

738KB
MD5

25fb203f03f248e01fa622c5203ea9ef
SHA1

a8026a192545e80c22bcf6f5f38b01044cd7da33
SHA256

7a8cf2fb4abca886bd6276b11eb3d11cba4d281d839bfff4cb642b3c391328c5
SHA512

d705c65c6f9efe9143f2b8abc25aa7781e93d9fa22fa7201d725bfbf44ff46ce4a3c859bcd54a73e6ea1777fe9020900b7041c6c7356e526bb8f3bebcb5d95e3
SSDEEP

12288:0V0dZ2ZNWiiBYo1XLbuDpoHXpiD7V8JKUGfCkd/zw+ZfI4+l+D:qS+F8TXLb0gcD7VG3CCc/zbG+D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/explorer.exe_0x4c80000-0x1a4000.bin

Files

explorer.exe_0x4c80000-0x1a4000.zip
.zip

Password: infected
explorer.exe_0x4c80000-0x1a4000.bin
.dll windows:10 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT
Size: 512B - Virtual size: 425B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 826B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mrdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ