18546006288[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18546006288.zip
Size

1.8MB
MD5

8b05065e53745f115811b3db38212ba2
SHA1

404460d562f5d5b65dda67236392689e1c12e3b8
SHA256

b5b1203edae9b60949c7eebe9830a1a4160d0737f6bb894f174d7190ee45ee87
SHA512

eb666f1661773de9fd712f1a55b9204c0e2b9c3d6f74116bfb0ef43df3ade67d44bcaee85662676a7d203e710344391d000af298d9128c567792864be12518e4
SSDEEP

24576:OZFD/NpTpAzmYEWjyMyBsQXh/9fRs4dNpwId18k9mUVh28QpiwQuQXHNmWVzbTlN:oTpAfyuQXHiId1maUFQXNmkx6VO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/975a833cfe81c2274b3c02b0b865ecc3897e7673558d87340645c91fc65175e8

Files

18546006288.zip
.zip

Password: infected
975a833cfe81c2274b3c02b0b865ecc3897e7673558d87340645c91fc65175e8
.exe windows:6 windows x86 arch:x86

48d4a6a3111a18b082fa3638b1568f64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.6":
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.?;e
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.n-.
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ