Security Defender[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Security Defender.zip
Size

1.4MB
MD5

f0c0f92e6d444f8d3c60a0b49f642462
SHA1

30b844e8d96b5b9866e01a6f74c8ac4edaf75878
SHA256

e74925bd172fd72370ca7ccc5c48294e83c56dbc7a9c2ef33c2ac22e19803758
SHA512

697c5cab839dc260cda851d1d164555cc723449ab00b66ebb34eaa9a91c686424b5042a303cbe500208c34fd7c96c876d7e92506fa36a9cbff0a9037dd1bff6c
SSDEEP

24576:Ca/D9aMH95/yTCjrz6oOzj0afgIN5j6sXTRzdi9IR7749FJsNk+:dL91Hb/lGVzN1Tfss3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[email protected]

Files

Security Defender.zip
.zip

Password: mysubsarethebest
[email protected]
.exe windows:5 windows x86 arch:x86

Password: mysubsarethebest

87bed5a7cba00c7e1f4015f1bdae2183

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ