d716d9147653ecd6985a652583f10c16[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d716d9147653ecd6985a652583f10c16.zip
Size

58KB
MD5

03afb01738609342dc034701e130930c
SHA1

f59d26e7f9f4b0e992f239749271c79f5a507ecf
SHA256

09c7e3615a72cf7308212819dff909b4b89d06eeb0f25d7770ff186d90e89256
SHA512

766e3e9917cdc27505887f91cb1e9a5402a3bad545047e56493d05870e6762700b11d91c15d2edf87a910e9ae8a9f20ebcb358f7ef31f5b9cf1d760e534cd2bb
SSDEEP

1536:7qQXdzKxtDcgzsgiP11AshZhz0glyc7iwxUeSI5x2dsQJlQrwSNBf:mGutDzsgiPTDhLzbWI72Ax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bff51fac1c866c6a17587d34ba432be97d4dcbfa6057503c4ce3af093b1e880a

Files

d716d9147653ecd6985a652583f10c16.zip
.zip

Password: infected
bff51fac1c866c6a17587d34ba432be97d4dcbfa6057503c4ce3af093b1e880a
.exe windows:5 windows x86 arch:x86

Password: infected

b892955ae494fe908bdf52e81e1dfa4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

WSAStartup

iphlpapi

GetAdaptersAddresses

Sections

HSUDHUHW
Size: - Virtual size: 148KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HSUDHUHW
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE