e378d3f778813ba3fb15165e91256d15[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e378d3f778813ba3fb15165e91256d15.zip
Size

222KB
MD5

04f92494477f26e6736c4105c4d04c9f
SHA1

48de1e6681c3be30da891b88d049c4fe13f20d02
SHA256

d642cddab1d8f870bf4f3d48919b28ac57daba45e97a055754610ce047f8835c
SHA512

cd02d04fb822f63d7d64199671238546320f74635409374fc058e9a65113c44b5c822dd3493fb4f71380434d09b520232ad5669fa34844888ee82ec72532bcfb
SSDEEP

6144:Pk6TM8/PHi/Fs5VRyQtv7aKi5qmDSYCfuju1trCy5:xTM8HHitsXJ+LSYCfu8Wy5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/95e002d6e66071cb56b6da7c19bee6697e99b750dedf0b55f248c68eb9bf2a16

Files

e378d3f778813ba3fb15165e91256d15.zip
.zip

Password: infected
95e002d6e66071cb56b6da7c19bee6697e99b750dedf0b55f248c68eb9bf2a16
.exe windows:1 windows x86 arch:x86

Password: infected

9c0050334da711b5147027326c52827d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetFileSize
GetModuleHandleA
CloseHandle
GetTickCount
GetWindowsDirectoryA
CopyFileA
LocalAlloc
LocalFree
CreateFileA
ReadFile
RtlUnwind
WinExec
WriteFile
DeleteFileA

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

__GetMainArgs
exit
memcpy
memset
printf
raise
signal
strcat
strchr
strlen
strncpy

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1024B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ieoo
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ