81f34b292a94d63db89acdbedd259bbf[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81f34b292a94d63db89acdbedd259bbf.zip
Size

55KB
MD5

36d2272666d4f630598d598023785d45
SHA1

f32ef1c5f15f7346cd7b48726e85ff4f8dcc7029
SHA256

1645969363c7522105b6cd9f6023549d56a3aa6824c4bc8e25e8d6f6a9da9a60
SHA512

233cdcc2428248ecd3ea014e7103c64237aad2e2a230cd17733660073f332477b860453b79822dd10f0b1cc1e948e25d8ab0401e9ad06dd2c7026d03f6ec45cb
SSDEEP

1536:/5/YMBV1psKcQSKUNYnMbXM8E2ZegZnuoDGH/Raz:ykyvQZU+nM+2rJuY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/319f42c2b3ed5a178c2a43861342d179f616ecfcabb8cd387e842b512bedd1b0

Files

81f34b292a94d63db89acdbedd259bbf.zip
.zip

Password: infected
319f42c2b3ed5a178c2a43861342d179f616ecfcabb8cd387e842b512bedd1b0
.exe windows:1 windows x86 arch:x86

Password: infected

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ