91e010c37bb00314098c78586085bc4c[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

91e010c37bb00314098c78586085bc4c.zip
Size

1.6MB
MD5

c755910df9cb8b51395e3785a8a74489
SHA1

bca92bd4f5bbf524c2222a7a8927708724a2bbf5
SHA256

dd4d281eb099236f159303ed34eb4ad4dc2cc99e0ab82e9a3debe741c75e2216
SHA512

b33a499b325edc0c44451c3fe2f3892889281c1ee7d442fc1939faaeae0662fc550ccfb53a68281975412443a53abd718174068a8b1b08219153b1ffc912555e
SSDEEP

49152:6qIcemEvPl2KiLVPYk0y5QWEqooOO4CgWSHaqE:6qISilrkVPL1EM9PX6a3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6ae544d791657af16adaf66ae14927454d0a16af0b569c6a595b64197bd2bd49

Files

91e010c37bb00314098c78586085bc4c.zip
.zip

Password: infected
6ae544d791657af16adaf66ae14927454d0a16af0b569c6a595b64197bd2bd49
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\olicenseheartbeat.pdb

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 380B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ