ef9266ac979cedc81e59197bf71f0570[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef9266ac979cedc81e59197bf71f0570.zip
Size

55KB
MD5

13b0c09a876968fec2ac5636c149bd74
SHA1

d9a69f814d40bd050ee27816e8a29912ba9e0cd6
SHA256

da996300c081fe0f4a533f920c1d1041dfee9cccf5c0e2c834920eb2706491e5
SHA512

bcad42a1a69600b23e8055db392949e9eee4dbad8de66bbf7e0cc9f20e0f679be52fc8d3e01614b3488285733369054d3f4d712f775e6a17b74c3a83d68eb794
SSDEEP

768:XQO9+4MKBWlLmoAJiAchSkkdFlw9jV+QikYjdrbpmaV5rLR/F5dfCYEWlphQEgq/:gOg4MKoMzNdwVnmWIfF3fCYHxp0g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/19f797ad9946d4b4dd6d4e898881951c908e971ce2c8e312dec314ace2b05ce5

Files

ef9266ac979cedc81e59197bf71f0570.zip
.zip

Password: infected
19f797ad9946d4b4dd6d4e898881951c908e971ce2c8e312dec314ace2b05ce5
.exe windows:1 windows x86 arch:x86

Password: infected

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ