8113386253[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8113386253.zip
Size

2.1MB
MD5

acb8eed9cf7186a640db02e3917eddd7
SHA1

46eaf70f1b085c0e40896f1a1c47150d8e7d5ed2
SHA256

de7d00225524c511ff73183e1a946378739ea6d02aec226f65b40c28df269c4e
SHA512

a4fa023225870cf3fed03446b65ea7d25eb87652a24d09331d0d7a0d6bd474d1ff406abf9039af54d6ba533898e6b37c7e4eaff9a8151b15a1206074a45f583d
SSDEEP

49152:2pzyREwB5NrzwlGlb61rffNn6eIwTHSLJP/AvQLUzL20PS5iRD2sm:NEw7t5or3N6exji/2QLw2sS812sm

Score

N/A

Malware Config

Signatures

Files

8113386253.zip
.zip

Password: infected
355e8e5cff5c843badd55718636ccd6180fcccb937b7beb5fa7b3494ebb36943
.zip

Password: R871
Contract#8135.iso
.iso .vbs

Password: R871
Contract.lnk
.lnk
publish/ambitChart.cmd
publish/bittersweetCartoonists.vbs
.vbs
publish/depredating.txt
publish/grandparents.txt
publish/hyperbolism.dat
.dll windows x86

Password: R871

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
publish/purge.jpg
.jpg
publish/thrusters.txt
4ddbdd1b4dada3d9f40cbea650db658afd42d5706bca4b272fe249f4b1a2b857
.zip

Password: R871
Contract#8248.iso
.iso

Password: R871
Contract.lnk
.lnk
publish/depredating.txt
publish/grandparents.txt
publish/luggerAble.cmd
publish/pessimistsNathan.vbs
.vbs
publish/profligates.dat
.dll regsvr32 windows x86

Password: R871

2db63a3cf4d0f2034045aa22cff90795

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
DebugBreak
GetCurrentProcess
lstrlenA
GetCurrentThreadId
VirtualAlloc
GetModuleHandleA
GetCommandLineA
GetFileAttributesA
GetCurrentThread
GetCurrentProcessId
GetModuleHandleW
lstrcmpiA
CreateFileW
CloseHandle
lstrcmpA
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
HeapSize
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetFilePointerEx
SetStdHandle
WriteConsoleW

advapi32

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

shlwapi

PathGetDriveNumberA
PathFindOnPathA
PathFileExistsA
ord155
StrToIntA
PathFindExtensionA

Exports

Exports

DllRegisterServer
DllUnregisterServer
bego
browpost
helepole
metantimonous
monomineral
nonregenerative
pompousness
surgeful
westering

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rlc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: - Virtual size: 524B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
publish/purge.jpg
.jpg
publish/thrusters.txt
6e2abcba23000d6c481608e0b56955da8923532d6a684b93055f3444e9315a56
.zip

Password: R871
Contract#7975.iso
.iso

Password: R871
Contract.lnk
.lnk
publish/depredating.txt
publish/firecrackersUpholsterers.cmd
publish/grandparents.txt
publish/opener.dat
.dll regsvr32 windows x86

8877a7b766af3aace7fcad8462a174cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
DebugBreak
GetCurrentProcess
lstrlenA
GetCurrentThreadId
lstrcmpA
VirtualAlloc
GetVersion
GetCommandLineA
GetFileAttributesA
GetCurrentThread
GetCurrentProcessId
GetModuleHandleW
lstrcmpiA
CreateFileW
CloseHandle
GetModuleHandleA
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
HeapSize
SetStdHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
MoveFileExW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetFilePointerEx
WriteConsoleW

advapi32

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

shlwapi

PathFindExtensionA
PathFindOnPathA
PathFileExistsA
ord155
PathFindSuffixArrayA
StrToIntA

Exports

Exports

DllRegisterServer
DllUnregisterServer
bewailable
courtlet
noncensored
rhizocarpean
stine
strigiles
targetlike
trimethoxy

Sections

.data
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc6s
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
publish/purge.jpg
.jpg
publish/shelducksSinistral.vbs
.vbs
publish/thrusters.txt
7809a2fde3e8bedc72f8969b44bfc8922a7fb08b67be19baf228bd0e61e7a597
.zip
9c278ebbcb0fdcbbdddaddb444bfce769e95dc269c5e3297fe3e5de3889ea899
.zip

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: R871

Password: R871

Password: R871

Headers

File Characteristics

Sections

CODE Size: 320KB - Virtual size: 320KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 7KB

.reloc Size: 23KB - Virtual size: 22KB

.rsrc Size: 285KB - Virtual size: 285KB

Password: R871

Password: R871

Password: R871

2db63a3cf4d0f2034045aa22cff90795

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 139KB

.rlc Size: 105KB - Virtual size: 104KB

CODE Size: - Virtual size: 524B

.data Size: 197KB - Virtual size: 196KB

.idata Size: 3KB - Virtual size: 2KB

.hata Size: 12KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 14KB - Virtual size: 13KB

Password: R871

Password: R871

8877a7b766af3aace7fcad8462a174cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

Exports

Exports

Sections

.data Size: 344KB - Virtual size: 344KB

.reloc6s Size: 104KB - Virtual size: 104KB

CODE Size: - Virtual size: 512B

.idata Size: 3KB - Virtual size: 2KB

.hata Size: 13KB - Virtual size: 13KB

DATA Size: 512B - Virtual size: 84B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 14KB - Virtual size: 13KB

CODE
Size: 320KB - Virtual size: 320KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 7KB

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 285KB - Virtual size: 285KB

.text
Size: 140KB - Virtual size: 139KB

.rlc
Size: 105KB - Virtual size: 104KB

CODE
Size: - Virtual size: 524B

.data
Size: 197KB - Virtual size: 196KB

.idata
Size: 3KB - Virtual size: 2KB

.hata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 14KB - Virtual size: 13KB

.data
Size: 344KB - Virtual size: 344KB

.reloc6s
Size: 104KB - Virtual size: 104KB

CODE
Size: - Virtual size: 512B

.idata
Size: 3KB - Virtual size: 2KB

.hata
Size: 13KB - Virtual size: 13KB

DATA
Size: 512B - Virtual size: 84B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 14KB - Virtual size: 13KB