be016d672f6f060db0bbe5a026f2c2bd[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be016d672f6f060db0bbe5a026f2c2bd.zip
Size

6KB
MD5

c2c9c54303d2029c2485dc45affc3bdd
SHA1

eb8ff23dd4e4dc2c4f1cf7f2a15214f1c5b3004e
SHA256

23874afd28a1ea9f950ac88e527976f962d577a9a9f79fe528ade827a67d9ec6
SHA512

2b2bfdf036a04d0689138a1c2f10c55db1d5d81b4971ff1f39dbd51e9966fb9dca784f321d6b0ea2abbdb56d49a666cb7a7c9685c62da1f1c1377ff533c65973
SSDEEP

192:UtVY8ZV/0L1fKCHGYCVIT9e3EEOIZvtXdY7:2Vt0oYrT9etvta

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8014d783c82941c46f25a713d5f0bfc0cff75e3332d7f04f8fc86b94cb6eac10

Files

be016d672f6f060db0bbe5a026f2c2bd.zip
.zip

Password: infected
8014d783c82941c46f25a713d5f0bfc0cff75e3332d7f04f8fc86b94cb6eac10
.exe windows:4 windows x86 arch:x86

Password: infected

802dcac7aab948c19738ba3df9f356d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strcmp
memmove
memcpy
strncpy
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
HeapAlloc
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetTickCount
TlsGetValue
CopyFileA
WriteFile
HeapFree
CreateFileA
SetFilePointer
GetFileSize
ReadFile
EnterCriticalSection
HeapReAlloc
LeaveCriticalSection
TlsFree
GetLastError
SetLastError
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThread
DuplicateHandle
CreateSemaphoreA
CreateThread
ReleaseSemaphore

Sections

.code
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ