sorenq[.]zip | Triage

Sharing

General

Target

sorenq.zip
Size

4.0MB
MD5

8c8355a5982d5c23cf46e1bc208d71f9
SHA1

f3582d5e9ff9d8a93f81fa573b6fe96715002823
SHA256

6421b8dd3f429921cd2cd3b9d6809f8a860d2f6acb58be9387ff14541dc07878
SHA512

fae8127f885f706d57b9af4c5bcc0c45303301f03da316558ec18e5a67d3532d579d7845e1a3042d19326f06ddbcbd5aadea4590fcd6beac9ef0f3f012274696
SSDEEP

98304:i83pEdZEqpFLPHmYT4sww+/HDPT8pwC8AEP0jdSeww80MDeMy+O:dZjqL6idm84L0ceD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/download.exe

Files

sorenq.zip
.zip

Password: infected
download.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ