056fc16c670d759db9b7a62b15836eeb[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

056fc16c670d759db9b7a62b15836eeb.zip
Size

570KB
MD5

bdf5e3556a57688dbd1fe77fb67b3ecb
SHA1

898b076215a2453ed171bc4bb9eacef9013a8a10
SHA256

6029a6597a45654ca6c3a4e4301c76e8f99e00220d9345564ece267959f53499
SHA512

98bfb3df61be1c1589f32f65d91a8e056df650797307bf2e0de09e3f2b4986d364d006d892646fc386e2c672fe6f3d5487097844e9c024ea524ebc1c6aadda13
SSDEEP

12288:LIK43LdF76Pxnr3JCa6OoluhzgCTddJdJnWAS2bL0:eLdF76Ppr5zoKdvWr

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/2a9990a4ff8eacd51f55e6a92fe8c1bad669a4fca24180e99c5e959ccb8e36b0	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2a9990a4ff8eacd51f55e6a92fe8c1bad669a4fca24180e99c5e959ccb8e36b0

Files

056fc16c670d759db9b7a62b15836eeb.zip
.zip

Password: infected
2a9990a4ff8eacd51f55e6a92fe8c1bad669a4fca24180e99c5e959ccb8e36b0
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ