ea6b8a444ac84e9af4e879ce16c37ff2[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea6b8a444ac84e9af4e879ce16c37ff2.zip
Size

166KB
MD5

731d2c442b2cf6fc3a0fe5bff044101e
SHA1

804be880d03e1bca3b3042c871e6d5f6c582ac3d
SHA256

1cbd032c682019b00f4590817698d2ddab40edde6c0a6704fac2856938252ea4
SHA512

6c0454b56a7232f25308f78af942fd8ac2e94d31f7ca0bf237ebd421130d3e8892ac32fc62fcd587ff732145bd37937c487513fa8ac89b793e9eff11f815ae12
SSDEEP

3072:DzoeifY3J88f+UlFQFv2+XRzD2yV3dAlKktuyHLA6OeV+JGpo9yaidIhl:DzN1JZW0se+XZi1lKktuyrALeP8y+l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/25b5562d7367c5d6b3ba1e972f7dc163d8a420f828f517f6f7d12eb0ba503605

Files

ea6b8a444ac84e9af4e879ce16c37ff2.zip
.zip

Password: infected
25b5562d7367c5d6b3ba1e972f7dc163d8a420f828f517f6f7d12eb0ba503605
.exe windows:5 windows x86 arch:x86

Password: infected

45b3bc45f71f6d9e40582b43454bd6fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
TlsGetValue
VirtualAlloc
DeleteFileW
GetModuleHandleW
CreateEventA
SetSystemTime
GetCurrentDirectoryA
CreateMailslotA
LoadLibraryA
SleepEx
GetCurrentThread
OpenJobObjectA
GetShortPathNameA
MoveFileExW
WaitForSingleObject
OpenEventW
TerminateProcess
CreateFileA
RemoveDirectoryW

comsvcs

RecycleSurrogate
SafeRef
CoCreateActivity

ctl3d32

Ctl3dEnabled
Ctl3dCtlColor
Ctl3dUnregister
Ctl3dGetVer

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

udata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_MEM_READ

.relc
Size: 14.6MB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE