dd52dd9975e9416fd24d4230c84fa82e1edbdfee75670486d5a38ef9cc042960.zip

ZIP

HOSTILE

Mal-ecule

Size 3.5 KB download

First seen 49 days ago

Analyzed 38 days ago

Ecosystem APTMalware

Objectives

anti-static/obfuscation WININET.DLL absent from PE import table

evasion/indicator-removal Export timestamp is absent

anti-static/obfuscation/binary-metrics Binary has normal code entropy (>5.5)

command-and-control/backdoor/shell oleaut32 ordinal 2

command-and-control/infrastructure Binary has 4 or fewer sections

evasion/masquerade/version-resource Console subsystem on dw20 claim

evasion/process/injection Lacks substantial resources

communications/socket Winsock socket creation import

data/string Limited string copy

fs/path sprintf string formatting API

os Formatted console output

os/signal Install signal handler

process/threading CreateThread API name reference

time/timing Delay execution

binary/metrics Tiny PE by file size

signed Binary is not digitally signed

binary PE Rich header present (MSVC toolchain)

dylib::kernel32 links KERNEL32.dll (Sleep)

dylib::msvcrt links MSVCRT.dll (controlfp, except_handler3, set_app_type, p__fmode, p__commode, ... +17 more)

dylib::ws2_32 links WS2_32.dll (ORDINAL 52, ORDINAL 4, ORDINAL 9, ORDINAL 8, ORDINAL 21, ... +13 more)

20 of 30 traits shown

SHA-256	074a842be7620a86cca7b394170ae38e4429b15fb831d545fa44595b51893bf5
Filename	dd52dd9975e9416fd24d4230c84fa82e1edbdfee75670486d5a38ef9cc042960.zip

Not seeing what you expected? Let us know