4909445556109312[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

4909445556109312.zip
Size

35KB
MD5

18040d906ae9a663ba27f2678471e8c2
SHA1

10e8c304e33ce059d9b6177de8364062f4273198
SHA256

7607e2ea902025bef5cfe4dab1fee68419de194f26a039ffaa661d407c8bc310
SHA512

cdb67c806c235657ec268c8c00c6e62d66b80dd7e0334f3a54811abf2d278941c01307e57ba1328136e8679601fa44d43323a87785f91cd0bdf3c3a0ea0f1954
SSDEEP

768:WNkhY66p7jBDzpMups2LjFEdlE+MTihNB2q2+wkjc3JzZsn2iF:WC0VlhRHOW+MTm2avc3CF

Score

N/A

Malware Config

Signatures

Files

4909445556109312.zip
.zip

Password: infected
bcdac1a2b67e2b47f8129814dca3bcf7d55404757eb09f1c3103f57da3153ec8
.exe windows x86

cc3abc4e0e3ee104d883385ee5cb0259

Code Sign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtClose
NtCreateFile
RtlInitUnicodeString
NtMapViewOfSection
NtFsControlFile
RtlImageNtHeader
RtlUnwind
_chkstk
memset
memcpy
RtlNtStatusToDosError
wcschr
memcmp
NtUnmapViewOfSection
NtDeleteFile
_snprintf
_wcslwr
_snwprintf
NtOpenSection
_allmul
_aulldiv
_aulldvrm
NtQueryVirtualMemory

shlwapi

PathCombineW
StrToIntExW
StrTrimW
StrRChrW
StrStrW
PathFileExistsW
PathFindFileNameW
StrCmpNW
PathFindExtensionW
StrChrW

kernel32

SetEndOfFile
SetUnhandledExceptionFilter
GetCurrentProcess
CreateFileW
WaitForSingleObject
lstrcatW
SetEvent
GetCurrentThreadId
ExitThread
lstrlenW
CloseHandle
DeleteFileW
GetCurrentProcessId
GetLastError
SetFilePointer
GetProcAddress
GetDiskFreeSpaceExW
lstrcpyW
SetFileAttributesW
WriteFile
MoveFileW
HeapAlloc
InterlockedIncrement
HeapFree
CopyFileW
ExitProcess
GetCommandLineW
CreateEventA
GetProcessHeap
GetModuleHandleA
GetSystemTimeAsFileTime
lstrcmpW
GetVersion
WaitForMultipleObjects
CreateThread
Sleep
CreateProcessW
GetExitCodeProcess
CreateDirectoryW
TerminateProcess
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
FindNextFileW
ResetEvent
InterlockedDecrement
FindClose
EnterCriticalSection
GetCurrentDirectoryW
FindFirstFileW
LoadLibraryA
LeaveCriticalSection
QueryDosDeviceW
QueryPerformanceCounter
GetLogicalDriveStringsW
GetDriveTypeW
GetFileAttributesW
QueryPerformanceFrequency
MultiByteToWideChar
SetFileTime
CreateFileMappingW
GetTempPathW
UnmapViewOfFile
MapViewOfFile
GetModuleFileNameW
ReadFile
GetFileSize
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetTempFileNameW

advapi32

RegisterServiceCtrlHandlerW
RegOpenKeyW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetSidSubAuthority
GetTokenInformation
OpenProcessToken
GetSidSubAuthorityCount
StartServiceCtrlDispatcherW
OpenSCManagerW
SetServiceStatus
RegDeleteValueW
DeleteService
RegSetValueExW
RegCloseKey
StartServiceW
CloseServiceHandle
ControlService
CreateServiceW
RegOpenKeyExW
QueryServiceStatusEx
RegEnumKeyW

shell32

ShellExecuteExW

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

cc3abc4e0e3ee104d883385ee5cb0259

Code Sign

Headers

File Characteristics

Imports

ntdll

shlwapi

kernel32

advapi32

shell32

ole32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.bss Size: 17KB - Virtual size: 17KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.bss
Size: 17KB - Virtual size: 17KB

.reloc
Size: 2KB - Virtual size: 2KB