ProgramOverflow[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ProgramOverflow.zip
Size

560KB
MD5

44481efd4f9a861444aa0aa05421a52e
SHA1

22e9b061f8fc3147dd0ec8a088a38272b0d30bcf
SHA256

7b8632db07cb8693963402624e6ad884187b23f81ec7968fba2631909d5919b2
SHA512

819cf783345751f6fb000142b59ebac5b72c8878adfaec1c9472bf242d7a469cdf21a2d89c6e292599606f19782c1951752f763bd89efed35e1b0f2d2fd52827
SSDEEP

12288:WEFL1PRkKXm5t+HE4400xZbEAizJuwY4LMUPKrDYUrKWlQ4qpK2Bds:WOLvk4m6HET00/E1zJuAivYgY7fs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[email protected]

Files

ProgramOverflow.zip
.zip

Password: mysubsarethebest
[email protected]
.exe windows:5 windows x86 arch:x86

Password: mysubsarethebest

9f9da03f359e04c9ef7a636c5fa7b6db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

winspool.drv

ClosePrinter

comctl32

ImageList_Add

shell32

ShellExecuteW

user32

GetDC

version

VerQueryValueW

oleaut32

VariantInit

advapi32

RegLoadKeyW

netapi32

NetWkstaGetInfo

msvcrt

memcpy

ole32

IsEqualGUID

gdi32

Pie

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 556KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE