f20f2b4e8d866d078070e03efda913f5[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f20f2b4e8d866d078070e03efda913f5.zip
Size

148KB
MD5

cf5069e5d284f4c1cf8ff3a45e857afd
SHA1

8cc409d7508e51155ddfeae4da4627462407c587
SHA256

01e03e7cc22ef1b4875e66324cb9eaacec8c4d4023c7a310081021ead52789cd
SHA512

92e9a1d6f82bfdc262afcefc2c92714848626b6f12c4e456f7d6bcafca1c774f34eb1dc691621c6ff97f0c73395be6a81749651851b3a9689b80fad62289bebc
SSDEEP

3072:qKWkPrc+zCLn1rmmaAXTtX2DrD/ZO+7LLbZ1vVWHnhOkPq6Oj1uV3nEYt:qKvrsnsmnXTtGTh17LLbdMMkP2uCYt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e2cb45c5db77d6d92b55249502c2b4812638423cd13e617b1bc6d2fc357a6e56

Files

f20f2b4e8d866d078070e03efda913f5.zip
.zip

Password: infected
e2cb45c5db77d6d92b55249502c2b4812638423cd13e617b1bc6d2fc357a6e56
.exe windows:4 windows x86 arch:x86

Password: infected

9ffc59d97fa7bc95242d6970ebf528e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
CreateFileA
VirtualAlloc
GetOEMCP
GetCurrentProcess

user32

LoadCursorW
LoadCursorA

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_acmdln
__set_app_type
_controlfp
_except_handler3
exit
_XcptFilter
_cexit
_exit
__p__fmode
_c_exit

advapi32

RegOpenKeyA
RegQueryValueExA

Sections

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata51
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ggg22
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ