f154021e7f4d232f969a67d3c07f548a[.]zip | Triage

Sharing

General

Target

f154021e7f4d232f969a67d3c07f548a.zip
Size

4KB
MD5

4d8895bee2211febb95da4e449ffb2b2
SHA1

a045c3f8fd0646c02b255c55d1da6bb0da8a9ec4
SHA256

dd6ed528b150abd375107eb3f6d9e98c4fa7fe61aa91c23e910e8b606b66cd52
SHA512

c25aaefc99ee8e046c070468a6cc4a9b5c938b0d639872cde7548ca6fc0864cdfd97ec68693c9dc3f37710cffb032918b5002055778c79e380bcd311b3ed05ee
SSDEEP

96:sYxS6MI8PPLyeIebG2QhlXZGKgzMxKhSsdX/y5phcnXTIbRJ1bv521NlE8kcJ:TwPPLVIe1UtZO5Es1mPcDObh2hEDe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/63463a610fea5ef1e61f1e1c971eb4f37b7eb96e12371965e7b547c31ecc3574

Files

f154021e7f4d232f969a67d3c07f548a.zip
.zip

Password: infected
63463a610fea5ef1e61f1e1c971eb4f37b7eb96e12371965e7b547c31ecc3574
.exe windows:4 windows x86 arch:x86

Password: infected

cc40fefa3af5cd00cc28dbd874038a4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
DeleteFileW
ExitProcess
GetComputerNameW
GetCurrentDirectoryW
GetFileSize
GetModuleFileNameW
GetTempPathW
GetVersionExW
ReadFile
WriteFile
lstrlenW
lstrcmpW
SleepEx
VirtualAlloc

wininet

HttpOpenRequestW
HttpSendRequestW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile

shell32

ShellExecuteW

ntdll

RtlDecompressBuffer
swprintf

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ