eb78bdf9fbafea860d1292715ae42375[.]zip | Triage

Sharing

General

Target

eb78bdf9fbafea860d1292715ae42375.zip
Size

1.1MB
MD5

8a0986824a6889241359925437912be1
SHA1

6e77ba568893342cd1a9544694306107776276a8
SHA256

288f33a957bd18d1404d53d7c2f6651cb33c5e19760a5270dd8048ab8a858c1a
SHA512

ba7a8c056149ecb5ef78fb689643cfe7870264ac01f3981d2298136c881c0bec40449ae63b30e5fb0f079f6cd29c42c7a4b04ba887377c34ed22a8776a72808a
SSDEEP

24576:HgWtMcwKpMNAJnm8lkysLUUo1wCBVDc2IR5TzgRuTS:B6bGnmmcU1wwdIRaGS

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/fcaab7d20b29355a1d50b575784c54b261bd708fa1465e0d6dd2b6fb8caa51c7	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fcaab7d20b29355a1d50b575784c54b261bd708fa1465e0d6dd2b6fb8caa51c7

Files

eb78bdf9fbafea860d1292715ae42375.zip
.zip

Password: infected
fcaab7d20b29355a1d50b575784c54b261bd708fa1465e0d6dd2b6fb8caa51c7
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE