18520516804[.]zip | Triage

Sharing

General

Target

18520516804.zip
Size

525KB
MD5

e9bf5f1b55d9591bed4f2eb02b6336aa
SHA1

54bc97b7c8b0578d2ff819b746f7dfd98251cc35
SHA256

620aa28546220dad9f711520da41a010c814349e31216352e31797060724e82b
SHA512

d6b4eba0a07367b133f2b1998a4168585a66b17a0f5e857b9a0cc6be8f266353e266842dd39e2b013a2fbc573b46f3605b4cfdc879b9c5c79a9ec105507609ab
SSDEEP

12288:DsrqafVjIb1MCwCtgVVyOcwk18pUMute7oV:Ehdj21fwCtgVVyOc9CpUttt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8b6aa12ffa54aa24280ddc0477b73690d2c06a847b8162afac53566b712ca9a8

Files

18520516804.zip
.zip

Password: infected
8b6aa12ffa54aa24280ddc0477b73690d2c06a847b8162afac53566b712ca9a8
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Baiwang\WorkSpace\bwfp\appstore\AddIns\Process\BC.BXWStartProcess.App\obj\Release\BC.BXWStartProcess.App.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ