1aa954280ff704582990fa686a91f1d142b21000a36a5[.]exe[.]zip | Triage

Sharing

General

Target

1aa954280ff704582990fa686a91f1d142b21000a36a5.exe.zip
Size

17.0MB
MD5

80774216a259709e2772106f483caf65
SHA1

734d4ea7bdcf92cc0c998864f84804ba1223ad3f
SHA256

8a233bed0b1e2cd2eebb74dd8a49dffebb22b852cd7ebeafebc1d3c40c0e8f5f
SHA512

4662caed24e7489ecddd2c94a6aacb06ae8be0d46c540ef5a5c1c6fda6c5c542889054bb5a36a05dec5dabd096d411ddd8f6795ee6965e9fb3e5a9082b424ae5
SSDEEP

393216:0BPUh2gnmnF+OVQUVstsWHv7lvVc7eOoNsxT8sksZtl2Vq:Ish7+cOVZVsNP7lvayNsxT8skQgk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/1aa954280ff704582990fa686a91f1d142b21000a36a5.exe.bin

Files

1aa954280ff704582990fa686a91f1d142b21000a36a5.exe.zip
.zip

Password: infected
1aa954280ff704582990fa686a91f1d142b21000a36a5.exe.bin
.exe windows:6 windows x86 arch:x86

Password: infected

27cb3dd4b0c01d19e67be2c0b03afa13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

RegOpenKeyExA

ole32

CoInitialize

Sections

.text
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls0
Size: - Virtual size: 10.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls1
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls2
Size: 17.8MB - Virtual size: 17.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ