5fd20e5d70e0cee9356325105b307f14[.]zip | Triage

Sharing

General

Target

5fd20e5d70e0cee9356325105b307f14.zip
Size

215KB
MD5

3dae3f415e5267fc6dcc48fdf26334a8
SHA1

87de73a3d14e4751e9410c9bde35b93b82594748
SHA256

a9a79a7bfae2b96bac84332cf249117523eda2d09b724c5ccce25ff362f727cf
SHA512

bbb33a7127f9cab54e9927a79136c40aa122904350e48b90094acd529ee50c1a4a01a44aad404fc8ef2d6e430208bf42c94dddc9d6f71c7246c9fa18809f3992
SSDEEP

6144:wjojqIKuj2TRLMgym9WBkOQ5LMJkTpepx:w3Wj2TRJ/96vKMnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3c5997c3434fd6d594812071b6a57b5a790489ecd1330176ed709fdf510eb9ff

Files

5fd20e5d70e0cee9356325105b307f14.zip
.zip

Password: infected
3c5997c3434fd6d594812071b6a57b5a790489ecd1330176ed709fdf510eb9ff
.dll windows:4 windows x86 arch:x86

Password: infected

eb8ce8d6456329b7038389384482d394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

mfc42

ord825

msvcrt

tolower

kernel32

FindNextFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow

advapi32

RegEnumValueA

ws2_32

bind

shlwapi

PathIsDirectoryA

ole32

CoCreateInstance

oleaut32

SysAllocString

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

netapi32

Netbios

Exports

Exports

Dispatch
InputFile
PrintFile

Sections

.text
Size: 322KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE