0a00c0511deec8b98575482565c15abb[.]zip | Triage

Sharing

General

Target

0a00c0511deec8b98575482565c15abb.zip
Size

58KB
MD5

05f4437481130d4491acc2bfb1a91fb5
SHA1

5afeed7f98d7ba5c31ef130987dbecb279bb107b
SHA256

eb08f0b9708433015aa82f90d19916d72b36f9d74703741ce6c5bb07433ffd2f
SHA512

7d242f0dbdb89244099007de5e17dbdbc8f680c5e60a7232df086b3156734b3751a96eb7d660d55c041625ec658086ba261e20f3f60fd687694ddb68868a12ef
SSDEEP

1536:NLJHqCsQppeyGFXcPt5/G1TllcVk0JhUESTe:N99u1Tzc9ei

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5d2fe8a88e3494c32ee9ec2b474b14e44e2f5c163599ba68dcefc52467ca5f29

Files

0a00c0511deec8b98575482565c15abb.zip
.zip

Password: infected
5d2fe8a88e3494c32ee9ec2b474b14e44e2f5c163599ba68dcefc52467ca5f29
.exe windows:5 windows x86 arch:x86

Password: infected

b892955ae494fe908bdf52e81e1dfa4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

WSAStartup

iphlpapi

GetAdaptersAddresses

Sections

HSUDHUHW
Size: - Virtual size: 148KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HSUDHUHW
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE