b4f8ae535d9c14e6fa16a2bd937ab3d2[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4f8ae535d9c14e6fa16a2bd937ab3d2.zip
Size

754KB
MD5

93d5f41567e5c3aa0338817ca1614d16
SHA1

d1e03290981d3c40d7ddc6afc64c3a96d619a0c3
SHA256

59593ab842767361ab2f0c29e9416f9db4cb7e87d8cff2900d491b11fc03efa7
SHA512

952b500adaf093ab1b884cbbaad3b39d3ef0de1ce9700139a381bd761c349fce7cd361fb4f7688f70de60c0979c97e217dafc7850bc7b9427a2c3095c56d3188
SSDEEP

12288:CnU9ZyFtcI8lzloOzJjoZP+9gpq7kuakabAhcrWtrSNaEEKWaR3B9rNBweZbC/dm:TESRdzJExJqxduWFSDEKtRzRBjxC/d7y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bd0de16f0d9356db13c9bd9d8cd39c0f27cafbfcfde9d904e0b4c23b9ff775b3

Files

b4f8ae535d9c14e6fa16a2bd937ab3d2.zip
.zip

Password: infected
bd0de16f0d9356db13c9bd9d8cd39c0f27cafbfcfde9d904e0b4c23b9ff775b3
.exe windows:5 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ