m7cdedu[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

m7cdedu.zip
Size

413KB
MD5

c4536bd01e8dbf70620596f4405cc009
SHA1

2abc224d7b6e9320ba6d00cc722120a95a5bf88a
SHA256

45d498fb79a063579d9d758e553a8c3f6792a1cc5a6979d6734d7afda6684359
SHA512

2eca1efda15314bbe7aaca902c3d8824116d193e7a0dac75bd0db14eb8c70bd16be8ee171e1b70b2f704fa77fbab67cd1ce6a2b6f33c81d345d6066647094308
SSDEEP

12288:+ppGTOGQ7DstX8FM9zxh/d/GMqLTXp0k+:+prlsx8FMhReMqLzuk

Score

N/A

Malware Config

Signatures

Files

m7cdedu.zip
.dll windows x86

8732adfc7dfe7731a05e4181b787761a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetModuleHandleW
GetLastError
WriteConsoleInputW
BackupWrite
SetDefaultCommConfigA
CreateHardLinkW
WritePrivateProfileStringW
VirtualAllocEx
GetFileInformationByHandle
WideCharToMultiByte
FlushFileBuffers
SetFilePointer
OutputDebugStringA
GetLocalTime
SystemTimeToFileTime
LocalFree
SetErrorMode
DeviceIoControl
GlobalHandle
GetFileAttributesExW
GetExitCodeThread
GetComputerNameW
OpenEventW
ExitThread
SetEvent
GetCommandLineW
CreateThread
GetSystemPowerStatus
GetVersionExW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcess
GlobalLock
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalSize
GlobalAlloc
SetLastError
ReadFile
WriteFile
InterlockedIncrement
InterlockedDecrement
Sleep
CloseHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcpyW
GetFileSize
CreateFileW
ReleaseMutex
lstrcatW
FormatMessageW
GetCurrentThreadId
lstrlenW
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
lstrcpynW
SizeofResource
FindResourceW
lstrcmpiW
CompareStringW
ExpandEnvironmentStringsW
LoadLibraryW
GetDiskFreeSpaceW
lstrcmpW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetDriveTypeW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
GetSystemWindowsDirectoryW
GetShortPathNameW
GetShortPathNameA
SetFileAttributesW
SetFileAttributesA
GetFileAttributesW
GetFileAttributesA
GetCurrentDirectoryW
GetCurrentDirectoryA
FindClose
SetCurrentDirectoryA
SetCurrentDirectoryW
MultiByteToWideChar
GetVersionExA
GetProcAddress
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW

user32

LoadCursorA
MapVirtualKeyExA
MessageBoxW
RemovePropA
GetQueueStatus
ReplyMessage
CallMsgFilter
CreateWindowStationW
UnhookWinEvent
DdeCreateDataHandle
UpdateWindow
SetProcessWindowStation
SetRect
GetProcessDefaultLayout
DrawAnimatedRects
UnhookWindowsHook
IsWindowVisible
GetKeyboardLayoutList
PackDDElParam
RealGetWindowClassA
LoadStringW
CharUpperW
wvsprintfA
SendMessageW
DefWindowProcW
LoadCursorW
CreateWindowExW
SetTimer
KillTimer
PostQuitMessage
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
RegisterClassExW
PostMessageW
wsprintfW
CloseWindowStation
GetProcessWindowStation
OpenInputDesktop
OpenDesktopW
ShowWindow
RegisterClassW
OpenWindowStationW
GetFocus
SetThreadDesktop
CloseDesktop
GetThreadDesktop

gdi32

CreatePatternBrush
CreateSolidBrush
GetEnhMetaFileA
GetEnhMetaFileBits
GetEnhMetaFileW
EndPage
AddFontResourceA
ExtEscape
GdiComment
CreatePalette
GetCharABCWidthsA
CreateRectRgnIndirect
GetBoundsRect
GdiEntry13
CancelDC
SetPixel
ColorMatchToTarget
CopyMetaFileA
CreateColorSpaceW
FillRgn
GetStockObject

advapi32

RegOpenKeyA
RegQueryValueExA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
SetEntriesInAclW
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
FreeSid
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges

shell32

DragQueryFileW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoUninitialize
CoCreateInstanceEx
CLSIDFromString
CoRegisterClassObject
ReleaseStgMedium
CoInitializeEx

shlwapi

StrRChrIW
StrStrA

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 225B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8732adfc7dfe7731a05e4181b787761a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 512B - Virtual size: 225B

.rdata2 Size: 1024B - Virtual size: 872B

.data Size: 10KB - Virtual size: 10KB

.text2 Size: 241KB - Virtual size: 241KB

.rdata3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 512B - Virtual size: 225B

.rdata2
Size: 1024B - Virtual size: 872B

.data
Size: 10KB - Virtual size: 10KB

.text2
Size: 241KB - Virtual size: 241KB

.rdata3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 3KB - Virtual size: 2KB