f346c41951bf41c4dcf9bcd9e6c89fb1[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f346c41951bf41c4dcf9bcd9e6c89fb1.zip
Size

633KB
MD5

4df275d2f82349d200ff7a580d52b686
SHA1

01e85d6a85d6de51861bb7ecafeec9f042aad05a
SHA256

1b22f91d0b7bb6f4319b476ce81407bb7bf994ee7b9d84c6e7cf0dbbebafbd48
SHA512

19bed62087f7c90b2cc4c46895b0eff280efa4ab21b0abd6221e847777bd13eae1125908e1d1480ed30dcda933705afdc130b4b5f40213e4c1c4c93091fb2541
SSDEEP

12288:EC+clSpauthn6/b7RnEn5c/gUWaiPzccXWVoOyUBEXNm/9uF3kUu:9Spauthn6T7NmG46UIcXub1EXNgcu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6f34254a11ac9e779d7bd3a1f33598e193ca9b4fad9308afbc3c39bc4056185d

Files

f346c41951bf41c4dcf9bcd9e6c89fb1.zip
.zip

Password: infected
6f34254a11ac9e779d7bd3a1f33598e193ca9b4fad9308afbc3c39bc4056185d
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\onenotem.pdb

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 360B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ