2e3f45421e9920b0b00ca807ee62331d[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e3f45421e9920b0b00ca807ee62331d.zip
Size

413KB
MD5

d88e57bff33ef69a7a74af8951d93d17
SHA1

59ab0f51cef9844d1335f82e2e8065e8227255e8
SHA256

529dd108eff5c91d333611031f014e7894ff1d50241c5850c7d55da88730c4a3
SHA512

6058155dddd5eae74767ac862cb2dad4f5ab147245ce7cf00dd9893f0768298f4b6679ec1944a71c27f988db90308dcc6d22c39eacf4f22710e1a30d6b489242
SSDEEP

12288:BhcbJuwgg+UV12FvMd2xtSnnxERqDREIryszpwb0:BibJuw2UL2Fv5xtmiReqI2syb0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7a110bc2788ca58dca5186f85ddf98f71e26d28a0fb44914ee32973adfe8863a

Files

2e3f45421e9920b0b00ca807ee62331d.zip
.zip

Password: infected
7a110bc2788ca58dca5186f85ddf98f71e26d28a0fb44914ee32973adfe8863a
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\iecontentservice.pdb

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 280B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ