81c3532396cab42d669c35dcaa2e44a9[.]zip | Triage

Sharing

General

Target

81c3532396cab42d669c35dcaa2e44a9.zip
Size

69KB
MD5

9ccd43b82b3c3521b22e51bac7518bbe
SHA1

97b526e172aef472fdb004fbb1c7e1f1df280d38
SHA256

fdc640092d20ca0bd2259545af7b5433658295634efc708ada8e9f081afff039
SHA512

1cae84805e39661215cd28963dbb8878459d3254777dd738fe5a0e22330f5cd11c19c944769e883378a623170694d7a71ff478a6fee8709a7e971099b102f914
SSDEEP

1536:vXWy4eYqxNL9E0VW9dcghkOHRPz/t4isnObcWAe:uy4abBS1LaLnObcWAe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/79a6f5a35f9ee6133e8bb5eca5659c0fd8d73ad1590d9c095bd289a449e91409

Files

81c3532396cab42d669c35dcaa2e44a9.zip
.zip

Password: infected
79a6f5a35f9ee6133e8bb5eca5659c0fd8d73ad1590d9c095bd289a449e91409
.exe windows:4 windows x86 arch:x86

Password: infected

908e67f8b0160bfd82132ad8738bb56b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

atl

ord47

gdi32

BitBlt

gdiplus

GdiplusStartup

msimg32

AlphaBlend

msvcrt

atoi

ole32

CoInitialize

oleaut32

SysAllocString

shell32

DragFinish

shlwapi

StrToIntExA

user32

GetDC

wininet

InternetOpenA

Sections

.MPRESS1
Size: 67KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE