d86e514ae05789feebb53716a4ba0f80[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d86e514ae05789feebb53716a4ba0f80.zip
Size

910KB
MD5

a5f1980823bb215141393b6943ede30f
SHA1

9f8c401609f1025abe33c3d9c2bcd8ac4bcc0cd2
SHA256

0520ce30672542f4fe140e67b0e5f8f5a1a16f863b17bb521b9ff6bb1cdd489e
SHA512

931a12ee190515c2bbcea6b266e74d043a662f2e60174c11e5f480a2520090ea8dbf57a7d51bf2d406d86c61fedbec6193255c82a59e845c8c5a5f33ef10bd1a
SSDEEP

24576:MPCPhsd4X8o3E6NS/6p0DQ90mz1ct6s/jkg0qtoD8:hhsnZ/6p0886s/jWU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/85b9d2747ad3611c8f62dc338dc9c7d53e85f50f43518f1c8063469f1034fbbe

Files

d86e514ae05789feebb53716a4ba0f80.zip
.zip

Password: infected
85b9d2747ad3611c8f62dc338dc9c7d53e85f50f43518f1c8063469f1034fbbe
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\dd\vsproject\xmake\XMakeCommandLine\objr\amd64\MSBuild.pdb

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ