41cd94048b4bdd9d8621cc049bc6a759[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41cd94048b4bdd9d8621cc049bc6a759.zip
Size

462KB
MD5

ea9c678dc4d621fc8fab285046372ba5
SHA1

1dffc16d1a1c2a926b9cc432190a14d5c02350a3
SHA256

36b2eddbbdc6b800089693d05aa7a0e1a3e7e36f01e93dc4274d72d578b24f72
SHA512

618f4e32d40bcd341acfb62757638ae3c2e1f3ea38c43d6082032e4286959cf3546b5911dbe7c85765c71a54b9140822f0fe110f3f4e308ad3b1f5e1ed98e09f
SSDEEP

12288:YsEgU10syPrQIGhoXvW9yiuxyMtIiTr/zmAtVyl:cgcTyMGO9yikypiTnmAf6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/87877855d2b5a80ed1ccb2fce6f144ba106e0dd4aa13eb198003036aaf110fef

Files

41cd94048b4bdd9d8621cc049bc6a759.zip
.zip

Password: infected
87877855d2b5a80ed1ccb2fce6f144ba106e0dd4aa13eb198003036aaf110fef
.exe windows:5 windows x86 arch:x86

Password: infected

ac99a5a6590e07f40380584be971cd01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

msimg32

AlphaBlend

gdi32

Pie

version

VerQueryValueW

ole32

IsEqualGUID

comctl32

ImageList_Add

shell32

ShellExecuteW

comdlg32

GetSaveFileNameW

winspool.drv

OpenPrinterW

Sections

.MPRESS1
Size: 458KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE