322a616afe4097e6555ce29ed330fb3e[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

322a616afe4097e6555ce29ed330fb3e.zip
Size

165KB
MD5

618f60b8539ab1bd988b9069fc1b4f60
SHA1

0b98cda430e15c5f4357a38c1a8888f8a523aed4
SHA256

ba0aacf6d173d2c4939729374b73fdcde5b934aa0f563d118576b6d483149215
SHA512

cc179fef82497a43718ecba599e94cfb416b334527e9125031bfb29e4ef6732b7dd32c51715da335786872977e9448285743257adda933efaa345675bbfa8e71
SSDEEP

3072:hnaR4oTdrdxnrww8rN7Y6aHDdvJaSZ+Svjo34mFyfwxu/uXlIZM8uEGRExYVhQp:tAFTldxVQ7I+8+Sso3wxuGXlR8uEGuxj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b8dd1371a8d866803a04999ee4759657b87b9e315593e8446129f9db18bb2d24

Files

322a616afe4097e6555ce29ed330fb3e.zip
.zip

Password: infected
b8dd1371a8d866803a04999ee4759657b87b9e315593e8446129f9db18bb2d24
.sys windows:10 windows x64 arch:x64

a96fa9912e09e361274ad77f1a4b252c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

csrss.pdb

Imports

ntdll

NtSetInformationProcess
RtlSetHeapInformation
NtTerminateProcess
RtlSetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUnicodeStringToAnsiString
NtTerminateThread
RtlCaptureContext
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
isspace

csrsrv

CsrUnhandledExceptionFilter
CsrServerInitialization

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ