ffa5a9f16ca81122f261390d0c9a3b53[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffa5a9f16ca81122f261390d0c9a3b53.zip
Size

215KB
MD5

43d55ec1729354f52b68e4a1447c7b89
SHA1

622d9331869a78d7f67afb4a5cb0119a31e6a10c
SHA256

b11c0297c671149ec4c3eed03c29c05805d4411a95052957411f5e946dc51c33
SHA512

9b3c594769adb9e6b666d8a913cca7c246b5197f4a9214439b19fa92cc5cb675f2a1e67531b545092861c0862b46b154feded2c25e1528f11dd9004385aee04c
SSDEEP

6144:XMrWBVvBUN7qRKj6IHov+HId7wQtritmWCwVRpjUNKL:crEINHWIe3ttritRCoRNL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4c7fe010ce342190b203f7f8b72ca3f51c83eca015447376d5ddb89d3c4c3c4d

Files

ffa5a9f16ca81122f261390d0c9a3b53.zip
.zip

Password: infected
4c7fe010ce342190b203f7f8b72ca3f51c83eca015447376d5ddb89d3c4c3c4d
.dll windows:4 windows x86 arch:x86

Password: infected

eb8ce8d6456329b7038389384482d394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

mfc42

ord825

msvcrt

tolower

kernel32

FindNextFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow

advapi32

RegEnumValueA

ws2_32

bind

shlwapi

PathIsDirectoryA

ole32

CoCreateInstance

oleaut32

SysAllocString

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

netapi32

Netbios

Exports

Exports

Dispatch
InputFile
PrintFile

Sections

.text
Size: 322KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE