36c4a3450e144988d15af918dd3ea1a5[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36c4a3450e144988d15af918dd3ea1a5.zip
Size

91KB
MD5

8786c20064fada3167780835236b9735
SHA1

70cf5a3ba5b5cfbd40c1e4147e914755a4c69bf8
SHA256

42af42891cc2fa7822d895c22480440107d07d30b9692e18778e0b5a1404f27f
SHA512

9373a3ae6527e214b2f6c9f83fc60478530b8aed0f43651aa3a74242fae1dc244f576f2dbcead1c2a30f5871f673871fe3826affc4c9637b7a5bfb522d02b77c
SSDEEP

1536:fhQZZXFIVAc2DTXLpBa4reSpdZh02cGX0Cvps9XnHoENL2ZKOTqXZjCA795K:fmZZXzc2PXO4ZbcGX0Cvps9XxCDoZeAG

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/4e69e59bc3a957b15dcce06de7dff32cd8791144a3bb7b621c8d6caece6bacfb	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4e69e59bc3a957b15dcce06de7dff32cd8791144a3bb7b621c8d6caece6bacfb

Files

36c4a3450e144988d15af918dd3ea1a5.zip
.zip

Password: infected
4e69e59bc3a957b15dcce06de7dff32cd8791144a3bb7b621c8d6caece6bacfb
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 63KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

JHDFRWG
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE