db0642b99f1f04dcbee8ff888c75f462[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db0642b99f1f04dcbee8ff888c75f462.zip
Size

91KB
MD5

0ba8a9d5852542550e2b5660caa3c2b7
SHA1

4268d8861f890d9469120449ab64a0ac518d3dee
SHA256

2c1d58a6842c4db71f47a445d5ddf474f59c1cbb78a5faab34a0cf7fd9f070b2
SHA512

252438c33e86a24240e4d566116b8694af96ec577b631ff6a536ee9a099688a3f5e2f8b5315268f27fdeb95a666012e15938f326b25fe35270ce639b58e6e506
SSDEEP

1536:c67gfjHXUU7StXkmi5fK4qznxbzu1LP80VB2uDcrImH9Fe2YmGLiBu0:Psfj3UU7SemiADNzu1LbWQcLHjempP

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/3a95770a4b278291dbd67600c170b099537faa383bef79fb3b1855150a9365cc	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3a95770a4b278291dbd67600c170b099537faa383bef79fb3b1855150a9365cc

Files

db0642b99f1f04dcbee8ff888c75f462.zip
.zip

Password: infected
3a95770a4b278291dbd67600c170b099537faa383bef79fb3b1855150a9365cc
.exe windows:5 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 63KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

JHDFRWG
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE