2024-08-06-11-44[.]zip | Triage

Resubmissions

06/08/2024, 04:07

240806-ep14rstapf 10

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-06-11-44.zip
Size

182KB
MD5

883c514100919fa2835c13c978222206
SHA1

6b14d250daf8dae3246c3ca642b064f95325165b
SHA256

30a16cc9c98faf68ff7728e2c4dc22f1c7ac329fcb5138cd4b00b4ea48ab484e
SHA512

afc3d7f894e2ef98400caf7c6cc5e88c5875641f85c6243bbc0014c81ffa6b373ab3f07cf10d2bad3003aec3b910cf5c209eeaf779569f2394cdde46dacb9d6d
SSDEEP

3072:3O61lj/Zd0bwcxVmY7/4hC9RSb8xGsZkOJlUkOfDO7PBB2UYHqt3oKLEcnf31Osr:l1ljRAwX6whYRC8AckYKIBp6qtH1n4sr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dba2eaf17629982c17a22c8899d3189b4dd6536e9d164c80e2e9bd3126ad408a

Files

2024-08-06-11-44.zip
.zip

Password: virus
dba2eaf17629982c17a22c8899d3189b4dd6536e9d164c80e2e9bd3126ad408a
.exe windows:4 windows x86 arch:x86

Password: virus

16e53cf5b94f28d7194b8522fe6b3321

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
GetModuleHandleA
Sleep
LCMapStringA
GetStringTypeW
GetStringTypeA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
RaiseException
MultiByteToWideChar
LCMapStringW

user32

MessageBoxW
MessageBoxA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE