Desktop[.]zip | Triage

Sharing

General

Target

Desktop.zip
Size

302KB
MD5

80ae521089e5a975a2849a38dea66c7f
SHA1

9732e4fcbb5fe04ff6ff3f0a517b55e1da9d86fd
SHA256

cdcc31a5e04ae4bf0873bd78a29b69991e3632ec182d4b3ca328bf8071400628
SHA512

510d68106f339d9da862bcc87a7575598e3a35b16f912872fd8b61e410862902411cd74a29173e76d079ca09d134106a1a5a0eb2140ee3d43a483c1cf9e26d41
SSDEEP

6144:KqXFIbKXyoc5NwK9RscAVGwNvb/Trn6yj14y0nj7IUto8u9iEOv7J1B47m7oQo:K0FZcfweRscbwN7TrnV1Ij7f1YiEOVL4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ForceAdmin.exe

Files

Desktop.zip
.zip
ForceAdmin.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\matt\Downloads\ForceAdmin-main\obj\Release\net472\win-x64\release.pdb

Sections

.text
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
New Text Document.txt
.ps1