sample1[.]zip | Triage

Sharing

General

Target

sample1.zip
Size

3.5MB
MD5

dd1aa09ca32d94db91c874bc4794d991
SHA1

b6aedb5bd8d2a620ba63c8765565767eaf41e2f0
SHA256

21afeeee6f2d7773ef69c1543c67fa78eb44b1de8fbca055919f500fb4fbc771
SHA512

c3fbfb5aceec947e689980362bfe42692c0ea99420587d4f44dbc18ddf984d819970af1f74707ed662bb55efd5c7e65810be22af08e050de058d363574cdcfbf
SSDEEP

49152:mFFO/5BZ1tSu8NrKXVUDfEQQM+920CisqIoLlmkAypY+0Huq3MxCshMfTAN3oOw5:mFF65BboueG+DsQQMWXIoZmkAE0X0MXT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/aae8ec7c5c3a2c9d51efd49c94b8e904

Files

sample1.zip
.zip

Password: infected
aae8ec7c5c3a2c9d51efd49c94b8e904
.dll windows:4 windows x86 arch:x86

Password: infected

2e5708ae5fed0403e8117c645fb23e5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
SizeofResource
LockResource
LoadResource
FindResourceA
CreateProcessA

msvcrt

free
_initterm
malloc
_adjust_fdiv
sprintf

Exports

Exports

PlayGame

Sections

.text
Size: 4KB - Virtual size: 652B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ