8efc39221be697b473f01dd5d005ea99[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8efc39221be697b473f01dd5d005ea99.zip
Size

586KB
MD5

363e25ed74075cbed0108f8180e213f7
SHA1

d56b0eb9b3df80d0c96230a3a7be40b60177a778
SHA256

c048c785030ff2c2dc520ddb1bd2a702eff76bbfdc49bfeb3d1d70eef720fa7a
SHA512

126d38eda6ceb7710f489e93c71d30fa676f54d68bb3ea828532eef0f934bfa93dc88b3b94343c2c019cacb8f7ef695c4a1aa0b53afc9f8940a3bca8347d7841
SSDEEP

12288:VbZ1Qo6xxKK44aaBaSjZSR37VSafC09gXLSbMbp1Ip+1T+A6T:NZ1Q/xxWrwj8RJX9gbSYbp9/6T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8ed87d9e2a9fe71203c9d0c6ffd4a7879460aa28c54780c5c878ab1be2f690f7

Files

8efc39221be697b473f01dd5d005ea99.zip
.zip

Password: infected
8ed87d9e2a9fe71203c9d0c6ffd4a7879460aa28c54780c5c878ab1be2f690f7
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\setlang.pdb

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 300B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ