3c1c4c7c8a9bfa10795245c451ee4d4b[.]zip | Triage

Sharing

General

Target

3c1c4c7c8a9bfa10795245c451ee4d4b.zip
Size

761KB
MD5

f346af214d48878e9877a981cbd6d627
SHA1

3ed89fd369a721d87db1c64eadacb0b14a35e60c
SHA256

4cf18bb3c23f417a46d121d124b4db2cf8bab7412adf1a0b302f6d2dd78d26f1
SHA512

7637ab3a50dd0eb619d60c537605c3a5f7d9a64f82b27d2857302f4409d4a2e15f5f9883091d0abd902d22d60e08ae4125164de4a96dddb5245402f25b9a3d66
SSDEEP

12288:JulEI5fKS2YAJWtkeWK13tPHXU7hH9HkITxeByvcLuPxahRKeeBvjrvhk6PSsw6E:uESKpWtkeb3B3U7hH9EITxeBUSMxaKT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7a92cd924373fd0172b78ac843b4198e543226864e404d0755123c362bc0a38f

Files

3c1c4c7c8a9bfa10795245c451ee4d4b.zip
.zip

Password: infected
7a92cd924373fd0172b78ac843b4198e543226864e404d0755123c362bc0a38f
.exe windows:6 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\Office\Target\x86\ship\postc2r\x-none\setlang.pdb

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 300B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ