c979ecc320752b97e39371cc8348e98b[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c979ecc320752b97e39371cc8348e98b.zip
Size

16KB
MD5

7107a2a0741983dca07a955083a71aef
SHA1

e82d7b3b3bd7de48a6d8da29da4628fcd16cc337
SHA256

f92be11fd2b0e792416c8e7a90b276998db13b765c268d5c13395f89d02d9cce
SHA512

71998b9e2948715c1ac0dff75493740f6e088014d1303a308a4d9ea5739aa7386f3a56ecb746d9aac26df4c13a4f0159d7182d22780cb3d7c39af9fbd512d5a6
SSDEEP

384:PF+Axcy/sV/jnCDUv949TWjWcgD3L55XmSD5Hla6e:PFzy/To9Tt759N506e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1513c91fc0281c609acbf6c4bdac4ba748b87d6cc23f812f0492ab877a5ebfb4

Files

c979ecc320752b97e39371cc8348e98b.zip
.zip

Password: infected
1513c91fc0281c609acbf6c4bdac4ba748b87d6cc23f812f0492ab877a5ebfb4
.exe windows:4 windows x86 arch:x86

Password: infected

fe9b94dd0e4ea2a905fbd4f42f4b2f8f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetModuleHandleA
GetLastError
GetLocaleInfoA
GetStartupInfoA
ExitProcess
RtlUnwind
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
HeapValidate
GetSystemTimeAsFileTime
GetFileType
GetStdHandle
GetCurrentProcess
DuplicateHandle
SetHandleCount
GetCommandLineA
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetConsoleCtrlHandler
VirtualAlloc
VirtualQuery

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ