fa42d572f1d53e68d41aec73011ed9cb[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa42d572f1d53e68d41aec73011ed9cb.zip
Size

55KB
MD5

abebc04809ce2f53efafa02e09520d46
SHA1

0c6420f53f956a6db3a54a7638340f20d08959b6
SHA256

07155262a423ed751fb58d7351f7c860b1990cf8fe4729fd8f808a1bb272b2b4
SHA512

659e84bf311b4e685bffb9e472822363e03d5c59239370c5adb3ef6127393862eb597d19f42f3e3eeb3f5ae0af5c69d942704ccdcb6de15dedc7f9492f46b0eb
SSDEEP

1536:82j2ndIIBcQoHRl+XwivD2SY4tqEm3JMqk/M0l+6TLT+Q9a:8cJImTRlBivptxC+Eg/a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/598ec45aa2292b69caf76b36cf2fdbd22e4252e6e222560d37346543ed8de495

Files

fa42d572f1d53e68d41aec73011ed9cb.zip
.zip

Password: infected
598ec45aa2292b69caf76b36cf2fdbd22e4252e6e222560d37346543ed8de495
.exe windows:1 windows x86 arch:x86

Password: infected

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ