7c08f1115bdb6b1c00eba69252fa312f[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7c08f1115bdb6b1c00eba69252fa312f.zip
Size

462KB
MD5

64120c380eaf17039dcdc20d95df01d4
SHA1

ea3b1198963fad4f6be691cdf6446c28e0d30bdb
SHA256

e54fd4cf16a32624703b57335cc46f153bf1ce50eb41bc09b00f1db04aff97f6
SHA512

1b1d0cc67818a0dd76c1ffd65fea640bfe990f580d6cd238557d96b6d949849c980220d0b0757a6b51b70c0ce5973bf0efb590696096f1b522cecd382bb16747
SSDEEP

6144:8zp2zwoKEY5EnxsXtSIhkmC05L8CkAcCiFJk+CFEHIrmu+MVwjnEErmMU6yBHBQ:ogX7xsvkmCkknXk+CpJ+y/hYyJBQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ff92d0a38c1262b508739bdaa88898aa5e0373a5f44083fc040808057ce343a6

Files

7c08f1115bdb6b1c00eba69252fa312f.zip
.zip

Password: infected
ff92d0a38c1262b508739bdaa88898aa5e0373a5f44083fc040808057ce343a6
.exe windows:5 windows x86 arch:x86

Password: infected

ac99a5a6590e07f40380584be971cd01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

msimg32

AlphaBlend

gdi32

Pie

version

VerQueryValueW

ole32

IsEqualGUID

comctl32

ImageList_Add

shell32

ShellExecuteW

comdlg32

GetSaveFileNameW

winspool.drv

OpenPrinterW

Sections

.MPRESS1
Size: 458KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE