ba56e23c39d79846000a758785103ba1[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba56e23c39d79846000a758785103ba1.zip
Size

58KB
MD5

163f6a4334142d52fce8726217571e32
SHA1

a557dec339a3284d464487c4a7ebc83702265199
SHA256

c5e43aabd2211e504bb94865617bdf4acb139bcefd4b4af6152232b740e98f10
SHA512

65c42f6432ced0221d377815b2fe9b855981342fc4fa7e074d6085845f72901b28fad1cf37a5c46ef6a0f43662eeee9723e495d42da48581c1ae0d9732a6b001
SSDEEP

1536:G813N2/LPR61lqXLe0FU+nZnK+2gU1VMv+FiQ:33kDPR6SXLePqnKuGN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5b7f08d10906dba98552a4f22779d80059be092fe083ab3844fafee56fad2a00

Files

ba56e23c39d79846000a758785103ba1.zip
.zip

Password: infected
5b7f08d10906dba98552a4f22779d80059be092fe083ab3844fafee56fad2a00
.exe windows:5 windows x86 arch:x86

Password: infected

b892955ae494fe908bdf52e81e1dfa4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

WSAStartup

iphlpapi

GetAdaptersAddresses

Sections

HSUDHUHW
Size: - Virtual size: 148KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HSUDHUHW
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE