Setup[.]exe (1)[.]zip | Triage

Sharing

General

Target

Setup.exe (1).zip
Size

5KB
MD5

75e2ac7050d6ec1a0d49a60a2162c15a
SHA1

d13da671ee46ff1d6947ac7971a68e2618ab4338
SHA256

b710c05f9ad5674224f815f5c7a8be2d93fa1ea45b1865a2c28a3fb97f77cc3b
SHA512

01ec3381d2a16d01c39e7b2ba42b93484f022dcc49c0236302c5c58e259267f89989ec03be2c5182801fdb023e537416e26b44e6f4344d35d8aa835b57ed1a78
SSDEEP

96:zQ/bs6BLn0pfvxSf4eFelfxDVYTDA+mGigifKqD9ZI0OlM8xBg:z0bh50pfwfn6RVYTDn6gifdD9ZI0oM88

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/Setup.exe.bin

Files

Setup.exe (1).zip
.zip

Password: infected
Setup.exe.bin
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\HausBomber\obj\Release\bomb.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ