497d9a1da3a75a224b4026babe884ab0[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

497d9a1da3a75a224b4026babe884ab0.zip
Size

1.1MB
MD5

d2c97b717ee336f0356537556b2d7b66
SHA1

d43060e1cafd93d3fc5c2183a17c18f6233eb5f0
SHA256

e0b4763418a2b2879f9dd16b1b6b69208be81195a1f190dd74485b9b536f830d
SHA512

1cb2c6820cdc0f1e28defd7c18a884dd7592fb61644e473fb2deaec4216301e61e95bb769794e09fe759115b13d3bd956f834b524fc1f862cd897646c8cceb83
SSDEEP

24576:gpDgUaX6TuCfhys5va657HAH81/L1x+xebINdhWv2ByRW6B9lHnq:gp07gfhF5vaA7HAclOwIbUeq/lK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f363a84f74161ca0023cadd03fb8ec7aeb0c754120c16897b63486dd867833f9

Files

497d9a1da3a75a224b4026babe884ab0.zip
.zip

Password: infected
f363a84f74161ca0023cadd03fb8ec7aeb0c754120c16897b63486dd867833f9
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\orgchart.pdb

Sections

.text
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 400B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ