2d2aa9466e9784c6fae1837f518fff45[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d2aa9466e9784c6fae1837f518fff45.zip
Size

121KB
MD5

ad11998b9e07a3aec6114b6126b9d6ef
SHA1

4d558fabec4e84e04095768b382d3a00293abff4
SHA256

132126a8c725dd97922dc3fbade97e05cb24695607557138778eeb7731913d49
SHA512

bca4d8970d1fca0be5bef0d8964b86b2de97247345ab75b8db8ccb456eb17fae12a5c393b16c01887edf57a8945c32d08cd99b4cf75b6610f191788bc3186934
SSDEEP

3072:Bi0kSps2Y9iTA2bWfM6R7wrvctgPd43ugv4H62ppFFL+Q:Bi0XoaA2L6R7KvMjbv4H62lRb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/594fdb41e3df50fc721194a3a735eba1f1a77c0e772d03faa0515dbc7d10d460

Files

2d2aa9466e9784c6fae1837f518fff45.zip
.zip

Password: infected
594fdb41e3df50fc721194a3a735eba1f1a77c0e772d03faa0515dbc7d10d460
.exe regsvr32 windows:4 windows x86 arch:x86

Password: infected

6afb34b292a41bc1d4834d26f548ecc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
VirtualFree
ExitProcess
GetVersion
GetProcAddress
VirtualAlloc

ntdll

memset
_vsnprintf
memmove
RtlUnwind
strcmp

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ