19494368268[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19494368268.zip
Size

41KB
MD5

ebec3c43895de2a56a48865499c868c5
SHA1

f0f523c4cf7fc4bf666ffc0d56941308928c919f
SHA256

ece1fb3b2785c7f1ca878e40531ae7e3bef5503552857365bf262b7ba705ba74
SHA512

3b9499856f485b2aa7a83ea87f6b8230ce8076f6e1147231def879df1ac43949c59993694b0ff7b6106387139b0a1178e396c2d1a312f4952e46caa3716c659b
SSDEEP

768:BPIevw3lRK1cpfYyzobywx3fvc/RncIhIJ/4wZNYR/naOMI/XWdtZDgsny5guwuf:BPHwbKfyzobywlXARn45H8vaXoWtnyuE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a4e835aa0635685e39e7dd112bc5f1b937bbad1b95c7a4fe9c53fcb31da54c79

Files

19494368268.zip
.zip

Password: infected
a4e835aa0635685e39e7dd112bc5f1b937bbad1b95c7a4fe9c53fcb31da54c79
.dll windows:6 windows x64 arch:x64

Password: infected

5a3bf4417f1d74abdae567c8ea7acd97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetComputerNameA
GetProcAddress
LoadLibraryA
Sleep
DisableThreadLibraryCalls
ExitThread
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime

advapi32

CryptReleaseContext
CryptDestroyKey
CryptDecrypt
RegCloseKey
CryptImportKey

msvcrt

_strlwr
_XcptFilter
malloc
_initterm
free
_amsg_exit
__C_specific_handler
memcpy
rand
_time64
memset
srand

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ