3d4304ba2c1458d90eca318691db69be[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d4304ba2c1458d90eca318691db69be.zip
Size

462KB
MD5

2cf9b74bd0cf80d6331d422b7997dc62
SHA1

10a2e855a5e4208dcc1620f14bfe26e824feb70b
SHA256

914696208ddb56d642e892e2f5deaeef121c6717c3a0b82e5cbf1c43cd77c7a4
SHA512

cdb91a79136db082844f7955cb0d43170f6041d9af7cbc3e337fa3a37d4c4da225d326008f5f17819d1f7ecf88e0f8685fbf5c3376f025715cbe4901b1da42c6
SSDEEP

6144:FluzWRuf40lMAHwtpSQm0xFynEdwMEYbPWL7HuCLABq7pKiCYKSK8FsW7DzS1x00:bGWkf4yMQkL/nyEYYT0aFiCYKSXJDzdY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0fefaab62435664c90e8765f8c3be18445710a78d003d9288db5ba6a82c1322f

Files

3d4304ba2c1458d90eca318691db69be.zip
.zip

Password: infected
0fefaab62435664c90e8765f8c3be18445710a78d003d9288db5ba6a82c1322f
.exe windows:5 windows x86 arch:x86

Password: infected

ac99a5a6590e07f40380584be971cd01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

msimg32

AlphaBlend

gdi32

Pie

version

VerQueryValueW

ole32

IsEqualGUID

comctl32

ImageList_Add

shell32

ShellExecuteW

comdlg32

GetSaveFileNameW

winspool.drv

OpenPrinterW

Sections

.MPRESS1
Size: 458KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE