test1[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

test1.zip
Size

20KB
MD5

e2091ce78c7a866ac0d693a5a91ca7d8
SHA1

ddfee034d46967081223f6f73cf63fede8eee213
SHA256

bc66d22c2b28f4f57591536b6fcc17676133773c685886f7836f20b6af0f4a99
SHA512

325c1cbfe5fd2d4bb1a14890158243afe2b6823c968e052ef8bc9b99669ea5a9d4d79248a7249f852b104dd561a455b4e98b5d47a370bd6b4fe2f3ec94618edd
SSDEEP

384:91bVI/PYA1OkQC9DcWhXCXJ6rqnSWi/dueGH6S1SQv4jQr7o3xH/Wtvywo6XdwYN:bbq3YoOkdxsPndqueQ6SxSIo3xfWhroe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tinytask (1) - Kopya.exe

Files

test1.zip
.zip

Password: test12
autoadmin giver.rec
tinytask (1) - Kopya.exe
.exe windows:4 windows x86 arch:x86

Password: test12

2eaf43a49d1a8bff951d9247e6d730d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
FindNextFileA
FindClose
FindFirstFileA
GetFileAttributesA
GetFileAttributesExA
CreateDirectoryA
GetTickCount
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
HeapSize
ExitProcess
GetStartupInfoA
GetCommandLineA
GetVersion
DeleteFileA
CopyFileA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
ExpandEnvironmentStringsA
GetPrivateProfileIntA

user32

PtInRect
AppendMenuA
CreatePopupMenu
SetTimer
GetCursorPos
TrackPopupMenu
SetKeyboardState
MapVirtualKeyA
GetAsyncKeyState
keybd_event
mouse_event
MessageBoxIndirectA
SetWindowTextA
SetFocus
InvalidateRect
SetWindowLongA
GetWindowLongA
SendMessageA
GetClientRect
FindWindowExA
GetWindowTextA
wsprintfA
GetKeyState
SetCursor
GetCursor
CreateCursor
PostQuitMessage
KillTimer
DestroyCursor
GetWindowRect
EndPaint
BeginPaint
DestroyWindow
DrawTextA
IsWindow
CallWindowProcA
GetForegroundWindow
GetDoubleClickTime
SetCursorPos
LoadImageA
DestroyMenu
SetWindowPos
DefWindowProcA
GetSystemMetrics
SetRect
GetDC
LoadIconA
RegisterClassExA
MessageBoxA
CreateWindowExA
ShowWindow
UpdateWindow
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
VkKeyScanA

gdi32

RectVisible
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateFontIndirectA
GetObjectA
SetTextColor
SetBkMode
SetBkColor
GetPixel
CreateBitmap
GetStockObject
DeleteObject

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

ShellExecuteA

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: test12

Password: test12

2eaf43a49d1a8bff951d9247e6d730d9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 15KB - Virtual size: 15KB