046b79cb63d390cbcbac9387268d872e[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

046b79cb63d390cbcbac9387268d872e.zip
Size

913KB
MD5

8655d4b2957bd97660103e6b5b0648bf
SHA1

c230fc2d5c37f67db2f8e1219c7eab69572ae62d
SHA256

f13e17c1a137d36a22610b0d342da135e919d2420c95f5c13d535fc43d385c28
SHA512

5a08ee36ce1dfd663d2066f9ceae812698986ec7e5c40fa767dc25a1061aa21e9acc40e890773116ebd99a534e1a8b4315e7be60426ad11c2f91bba952c18702
SSDEEP

12288:iR8Qnlh05ECsj8qRO48e8jfKDe/7HCQ7uwTYx/VpDodgtITN59IfkdUdMMichGfj:o8QnYX88ezDg71uwGz/IH9YzSHCdU9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/95a03233450d51190bd7749a2c980e9b4c4a54031bcda55cdb3b11b470825b55

Files

046b79cb63d390cbcbac9387268d872e.zip
.zip

Password: infected
95a03233450d51190bd7749a2c980e9b4c4a54031bcda55cdb3b11b470825b55
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\msoxmled.pdb

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 280B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ