9798c296f64c58a9463869a12733d9b0[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9798c296f64c58a9463869a12733d9b0.zip
Size

111KB
MD5

fa17e147bd67d6d3687d5a7660748619
SHA1

802dad45d88c03fbdbb1748121db9413cd9821bb
SHA256

80ee8c3ceb4c46385ec5edc5cb83d0428e589e2ecfec5428bcb0b22799c3cd5a
SHA512

000efa9f2eaa345bb782e39cb13adcd713904942398c6dc3560e8fe016a7800b1085aa720730262dcb7aefa460d3fd34709d4aaa87a9447c0885f28e921d8dd1
SSDEEP

3072:aYHKC66IqTe1J4RT2bhec3NlpaokmXallmEshNXJWvxFP:PHKC6dqTe0T2lP9ntalkWvxFP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a01d7521e4991773058224310c9c3615a50beaffe58bcdabd11a5bb694a958d9

Files

9798c296f64c58a9463869a12733d9b0.zip
.zip

Password: infected
a01d7521e4991773058224310c9c3615a50beaffe58bcdabd11a5bb694a958d9
.exe windows:1 windows x86 arch:x86

Password: infected

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ