240807-y9vx2atdpr_pw_infected[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

240807-y9vx2atdpr_pw_infected.zip
Size

30KB
MD5

4f62ee1a5301522eae7ec537322181db
SHA1

75cd093aa4594c41803c021aa4e6a111494206e4
SHA256

2bee7443ee09ff2796547c8f7347716e40cbd3ed6e70baab142ee3b56c4e4aed
SHA512

927f08d635fd0a806d1d80ea15330b2c01a870d89ceb15dc274bf70a8d0f28b3b694e5c02a958da2adc88ebc74b8780438cbc4432f05e01cdc3db8d007001b43
SSDEEP

768:1Q/VX+ZI8BvjTTPwU9j5pyhzZG0dd9MXJPntg:1Q/VuZJvLRj5Af9+ntg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/crackme.exe

Files

240807-y9vx2atdpr_pw_infected.zip
.zip

Password: infected
crackme.exe
.exe windows:4 windows x86 arch:x86

158424a205ce8b9bdaed8353a1df1bd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndDialog
SendDlgItemMessageA
SendMessageA
GetDlgItemTextA
MessageBoxA
LoadIconA
DialogBoxParamA

kernel32

lstrcpyA
lstrlenA
LockResource
SuspendThread
RtlZeroMemory
SetThreadPriority
Sleep
ResumeThread
CreateMutexA
ExitProcess
FindResourceA
GetLastError
GetModuleHandleA
GlobalAlloc
GlobalFree
LoadResource
ExitThread
SizeofResource
lstrcmpA
CloseHandle
CreateThread

winmm

waveOutReset
waveOutGetPosition
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutClose
waveOutRestart
waveOutUnprepareHeader
waveOutWrite

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ