515ec1446cd19214dd11aa7ffaedc360[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

515ec1446cd19214dd11aa7ffaedc360.zip
Size

227KB
MD5

1b5363fb138a55f6902b32dec4e1f646
SHA1

98e79736a6276cb1eea11a38896500fd19d47946
SHA256

3dc96ea9c5031e58e6a60be2e998ca6fe3032f55a4e2e0ae6bc6a79116559d5a
SHA512

f0925450359c578b56268562f43f1b1a2dcff6f33bbda1b8b30b4920a9c15d953cc3a442c3803ffc30f7574c7c0cf10661627501ccb3b063d0a396aefc76fc75
SSDEEP

6144:bFis2TXIMPgJs35dqGfA/mcsNx90yIn/HBYLoWb6:b8so4MPX35dvfpb90n/HOLoWb6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3c2e134cd3931e5d634024867d8e16ea4dbd28f7a0245e97198c0bd407cbd835

Files

515ec1446cd19214dd11aa7ffaedc360.zip
.zip

Password: infected
3c2e134cd3931e5d634024867d8e16ea4dbd28f7a0245e97198c0bd407cbd835
.sys windows:10 windows x64 arch:x64

a96fa9912e09e361274ad77f1a4b252c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

csrss.pdb

Imports

ntdll

NtSetInformationProcess
RtlSetHeapInformation
NtTerminateProcess
RtlSetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlUnicodeStringToAnsiString
NtTerminateThread
RtlCaptureContext
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
isspace

csrsrv

CsrUnhandledExceptionFilter
CsrServerInitialization

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ