799ca44c0f470db4609a49741a81e190[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

799ca44c0f470db4609a49741a81e190.zip
Size

176KB
MD5

9698db6e1583d6d93eacb150aa313ba3
SHA1

22272578b013a297949c0028bd9cd3705b87f5b7
SHA256

95877a3924865e29bcd4f947f44ea6224dbceb75528de1cc13487fff8c9bd546
SHA512

074a9bb7bafc742cc2f37190d9290a770f8849c841ec5e116fd9b1ece21bbc27ee73621a5c2658d539c915a5257baf2581655a773e8b8c4ea00e77ab40bb20f0
SSDEEP

3072:9IzXBw2QP89KfOW40DVu9n398AXGDSYyUFbIQ3gTwNBpssF5C4hNFVEvP9FO71yv:eX9QE6fu9N0hhIaSsBhyF01yBJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fd3099cb153543c3836ddc261cd56be7c92549a0a0a152c841799e850d2d5134

Files

799ca44c0f470db4609a49741a81e190.zip
.zip

Password: infected
fd3099cb153543c3836ddc261cd56be7c92549a0a0a152c841799e850d2d5134
.exe windows:5 windows x86 arch:x86

Password: infected

f020e1a2feae651f7ce88318f285b500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

gdi32

BitBlt

advapi32

OpenProcessToken

shell32

ShellExecuteW

ws2_32

WSAStartup

Sections

UJHFFTRT
Size: - Virtual size: 580KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UJHFFTRT
Size: 178KB - Virtual size: 180KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE