25f4d5dbd8346020f8c10b150190302e[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25f4d5dbd8346020f8c10b150190302e.zip
Size

511KB
MD5

f3c7f2ded353fe8b569147c18cb7b7ae
SHA1

e42ba5ab9c2a10ee24261e54a49c008d12984db7
SHA256

c02aa52a579db9975a9923b15fac19b3708c1d0bffb3377487891d639f15361b
SHA512

bce6e3962680a2ef15bcb3d13f5d48e1d4e8a1d06430b72de292d28944bba53ee079b73bcc374c117f07e3c15f31171423bc9a3e8d6a4f0732617482173a6eb8
SSDEEP

12288:zE60M8hc9R442E4FbuB9Pqwsn+BYe2/E6ZYbo21z4NrpCXeVW:zJsEmETBowsdpYHWCXcW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3a33dbd56154dc31a5b35447259b9cf5595d0fbad6fcc2e8e6cc84f1d7b6c923

Files

25f4d5dbd8346020f8c10b150190302e.zip
.zip

Password: infected
3a33dbd56154dc31a5b35447259b9cf5595d0fbad6fcc2e8e6cc84f1d7b6c923
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\iecontentservice.pdb

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 280B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ