fa6d9ba5c6f13c7686a6e76a415ed258[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa6d9ba5c6f13c7686a6e76a415ed258.zip
Size

139KB
MD5

79ebf2c4f205ea5861fbc1299cfca8bd
SHA1

1de5414a59f02d5c5154d108bac8719aac014c13
SHA256

f1408719eba6e256a8f55ae0bcd7e1779eb205338ba15b4bbf1bf71788a1593d
SHA512

76d4f85f0787634f2348e56089e12d91b5e71dbb9439862777ebf7973f064ddb77367646893c52a4f66191f141649e36f65f186d481121be3e02709c6c19c423
SSDEEP

3072:N6dTzFUDf5nAGbV6TBzDbefnYGg4XU6ogLpiLWebPN1JpEh794R:sdTJm5Z8TB7efndAELp2WaF1nE7e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/af328b3330d19dc57672dde5d922c4b3b19a222cf5d126e96ab2c5182936357b

Files

fa6d9ba5c6f13c7686a6e76a415ed258.zip
.zip

Password: infected
af328b3330d19dc57672dde5d922c4b3b19a222cf5d126e96ab2c5182936357b
.exe windows:1 windows x86 arch:x86

Password: infected

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ