d011265b0741ed996ae6f1482daf63b3[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d011265b0741ed996ae6f1482daf63b3.zip
Size

437KB
MD5

defc3e414f73e866ecaf8bcb07bad8f3
SHA1

0c43234b2f3c0b4dfadc5db38218302bd44e60e9
SHA256

54700d392f232106771126f316e60e10c0b893d3722ca2845c1b6b500d80417c
SHA512

85ed90adf017441d39a7b7385a45a9bc4266571d5ba5d6404e438909b61155a5a5b5eb3b2d55be99b68c98e1ebdba2dc7ce4d8819c77385706bab6d2427fc254
SSDEEP

12288:cUA1GXYA1G2R83JzeGbKQbRXEeggy9S33:cUA1GXYA1Gq8ZzeuXt1H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e0bd9521939d8f0ce9011db2fc446edcd6618a6401e2dd3b1a63a3b4171b2801

Files

d011265b0741ed996ae6f1482daf63b3.zip
.zip

Password: infected
e0bd9521939d8f0ce9011db2fc446edcd6618a6401e2dd3b1a63a3b4171b2801
.exe windows:4 windows x64 arch:x64

Password: infected

49890eaca7e89eb1836c5f8eeaedbba0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

cygwin1

__cxa_atexit
__errno
__getreent
__main
_dll_crt0
_impure_ptr
calloc
close
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
fprintf
fputc
free
fwrite
getopt_long
ioctl
lstat
malloc
open
opendir
opterr
optind
posix_memalign
printf
program_invocation_short_name
readdir
realloc
stpcpy
strchr
strcpy
strerror
strlen

kernel32

GetModuleHandleA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 480B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

49890eaca7e89eb1836c5f8eeaedbba0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cygwin1

kernel32

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 640B

.rdata Size: 3KB - Virtual size: 3KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 512B - Virtual size: 276B

.xdata Size: 512B - Virtual size: 192B

.bss Size: - Virtual size: 480B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 20B

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 640B

.rdata
Size: 3KB - Virtual size: 3KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 512B - Virtual size: 276B

.xdata
Size: 512B - Virtual size: 192B

.bss
Size: - Virtual size: 480B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 20B