MDE_File_Sample_c30b8d5693823ea419a3090cd56c724480192de2[.]zip

General

Target

MDE_File_Sample_c30b8d5693823ea419a3090cd56c724480192de2.zip
Size

348KB
MD5

f1810faa8f61b979e1bb1cedeebbdbd8
SHA1

d94aa98a926f32c984d2828cf3bf470b559670ff
SHA256

a5d4f314c97cea58d6d1e45cee143da4379d6d8a07aaee6daa410028b2a84b6d
SHA512

8d311b3f6e5a5e297a1e2ec362e4d211716b5d5e7679dc891dc836f3a16ebbdfa707fbf74f3d54081ecc9b2d012da5fc77104b72f941d44e099dd3b5a2de40be
SSDEEP

6144:j4pHvJ9A7/JkFXotDsIf5SSMbyhu4pSjxSgu7YoS8Kai8mmue4uM5:8BxA/JwXoWIhxzhbpSJu7YQKai8mmuZ

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/msbush.exe

MDE_File_Sample_c30b8d5693823ea419a3090cd56c724480192de2.zip
.zip

Password: 900900
msbush.exe
.exe windows:4 windows x86 arch:x86

Password: 900900

c2e1cae882d39aad76257371d0930826

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
LoadLibraryA
GetModuleHandleA
GlobalFree
GlobalUnlock
VirtualAlloc
CloseHandle
ReadFile
GlobalLock
GlobalAlloc
GetFileSize
CreateFileA
GetModuleFileNameA
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zexe
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ