sample[.]zip | Triage

Sharing

General

Target

sample.zip
Size

302KB
MD5

9e8a086ef12dda4f5e4bca642526fce6
SHA1

60ee913f968da1db1274cd51a3438523123232f4
SHA256

90a5459c95036aace6e45f9357ad5577ba1265a5a18cbe8e1094726b5299fae5
SHA512

83bbd190667aae5c9a2c01087457ae63227dff3ada7e459223198f95d68ff85b499ee3668c87380ff16d866d8e4d0e30d7105bffec0f368c3a46db74c07e01cb
SSDEEP

6144:tMqXFIbKXyoc5NwK9RscAVGwNvb/Trn6yj14y0nj7IUto8u9iEOv7J1B47m7oQ7:i0FZcfweRscbwN7TrnV1Ij7f1YiEOVLL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample/ForceAdmin.exe

Files

sample.zip
.zip
sample/ForceAdmin.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\matt\Downloads\ForceAdmin-main\obj\Release\net472\win-x64\release.pdb

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sample/dropper.bat
.bat .vbs