7da5d5b72a257df63e8b71a9b7f1d1357ec316af4d4e3b7245bd83b665ad08b9[.]zip

General

Target

7da5d5b72a257df63e8b71a9b7f1d1357ec316af4d4e3b7245bd83b665ad08b9.zip
Size

243KB
MD5

b4a8c360d0240746e3fcf7efd6cef759
SHA1

607c73ff72998715927710fcb5d3051c8a0f51cb
SHA256

448e4a03f611499d019cd18f1968a274766a356382fbd4b857c6fe7f4ad53516
SHA512

cee0204a6e89616ba3eb0261491cd7a9286e38dea309617370cb82eef22873dd7ecb6a3f70991bcf69e07d3d0d82a0d17a1b4342a5cf1f92b9f27f72085e89a1
SSDEEP

6144:F9RLDPc1PXF2uq+LyhxVERf7zfkNUzhZGUoPn:fRHc1f7L4xVEl7Q+G/

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SharePoint Kerberos Buddy.exe

7da5d5b72a257df63e8b71a9b7f1d1357ec316af4d4e3b7245bd83b665ad08b9.zip
.zip

Password: infected
SharePoint Kerberos Buddy.exe
.exe windows:4 windows x86 arch:x86

3d05135032f86cc84003861744e4f532

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
CreateFileW
VirtualAlloc
GetProcAddress
LoadLibraryW
GetModuleHandleA
GetCurrentProcess
CreateFileMappingW
GetLastError
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xcpad
Size: - Virtual size: 248KB

.idata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ