2b4531ed5a3a8705e373659e2c61a9aed8e9c3bf4be0155623e33c855504dc05[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

2b4531ed5a3a8705e373659e2c61a9aed8e9c3bf4be0155623e33c855504dc05.zip
Size

544KB
MD5

76a51975222e40c9dc9d8ced8b9a80f5
SHA1

5f6303dacfddac5dc289a6c985cdb6b70d1c955e
SHA256

a1d269b15c5f78a90bd6b8ae17c457f47aca18179880d61d026efc64960a5c43
SHA512

42b8e0db7daa37b512b5c8e2566fe43ce246ad67898e608adb50d447fa9d6dcbd76d5eb1228bcac4da545baf37d996fb227d35424914188ac60e9855f1bf5612
SSDEEP

12288:yGJY1E2NKaRFSFNz6aV69/G/P83x1OwvU1zZ/6I1/yhEAcwo5e0E:zJYZDFS76ao9/G/PJe4zdT/yhk60E

Score

N/A

Malware Config

Signatures

Files

2b4531ed5a3a8705e373659e2c61a9aed8e9c3bf4be0155623e33c855504dc05.zip
.zip

Password: threatbook
2b4531ed5a3a8705e373659e2c61a9aed8e9c3bf4be0155623e33c855504dc05
.dll windows x64

Password: threatbook

5cb287be79ab673602f69769b1141cd2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindFirstFileW
FindNextFileW
FindClose
CreateFileW
DeleteFileW
GetFileSize
lstrcmpW
VirtualFree
SetFilePointer
GetCurrentThreadId
CreateDirectoryW
GetModuleFileNameA
GetCurrentProcess
WriteFile
GetModuleFileNameW
InitializeCriticalSection
WaitForSingleObject
GetFileAttributesW
Sleep
GetLastError
GlobalAlloc
GlobalFree
GetComputerNameW
CopyFileW
GetTickCount
MultiByteToWideChar
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
ReadFile
DeleteFileA
HeapReAlloc
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
lstrlenW
GetTempFileNameW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
ReadConsoleW
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetProcAddress
GetLogicalDriveStringsA
lstrlenA
GetLocalTime
LoadLibraryW
GetSystemInfo
CloseHandle
Process32FirstW
LoadLibraryA
Process32NextW
CreateToolhelp32Snapshot
GetLocaleInfoA
GetLocaleInfoW
GetEnvironmentVariableW
GetDriveTypeA
GetModuleHandleExW
GetSystemDefaultLCID
GetLogicalDrives
lstrcpynA
lstrcpyA
lstrcatA
GetTimeZoneInformation
SetStdHandle
CreateProcessA
GetExitCodeProcess
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetConsoleMode
lstrcmpA
GetVersionExA
GetConsoleCP
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
LoadLibraryExW
InterlockedFlushSList
GetFileType
WriteConsoleW

user32

OpenWindowStationA
GetDesktopWindow
GetWindowRect
ReleaseDC
GetProcessWindowStation
GetWindowDC
OpenInputDesktop
SetProcessWindowStation
MessageBoxW
SetThreadDesktop
GetThreadDesktop

gdi32

BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
CreateCompatibleBitmap

advapi32

CryptDecrypt
RegQueryValueExW
OpenProcessToken
ConvertSidToStringSidW
GetUserNameW
GetTokenInformation
CryptDestroyKey
CryptAcquireContextA
RegEnumKeyExA
CryptSetKeyParam
CryptImportKey
CryptReleaseContext
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHFileOperationW
ShellExecuteExW

ole32

CreateStreamOnHGlobal

urlmon

ObtainUserAgentString

bcrypt

BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptDestroyKey
BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey

crypt32

CryptUnprotectData

wininet

InternetSetOptionW
InternetReadFile
HttpOpenRequestA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA

shlwapi

StrToInt64ExA
StrChrA
StrCmpNA

Sections

.text
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.DLL
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

5cb287be79ab673602f69769b1141cd2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

urlmon

bcrypt

crypt32

wininet

shlwapi

Sections

.text Size: 731KB - Virtual size: 730KB

.rdata Size: 171KB - Virtual size: 170KB

.data Size: 24KB - Virtual size: 49KB

.pdata Size: 29KB - Virtual size: 28KB

.gfids Size: 512B - Virtual size: 452B

.tls Size: 512B - Virtual size: 9B

.reloc Size: 6KB - Virtual size: 5KB

.DLL Size: 83KB - Virtual size: 84KB

.text
Size: 731KB - Virtual size: 730KB

.rdata
Size: 171KB - Virtual size: 170KB

.data
Size: 24KB - Virtual size: 49KB

.pdata
Size: 29KB - Virtual size: 28KB

.gfids
Size: 512B - Virtual size: 452B

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 6KB - Virtual size: 5KB

.DLL
Size: 83KB - Virtual size: 84KB