221012-kfv42sr1j5_pw_infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

221012-kfv42sr1j5_pw_infected.zip
Size

54KB
MD5

c3f9a16afe2bbd0c78f13e723f227b19
SHA1

d3fa79e9a15cdffde3289548d89e4142704c6e83
SHA256

01cafd4a7577996bf4d1fae7b9672037c628d8f4564c862798210f6c8fa41a0a
SHA512

be3c1b6d8f0fcb028329548035f3372c393e09c9f93595af20175666e7a4c32a3343775315ffedc8d9f884a0f091c19090af168368bcd1d7cdbfddf99d7a5a18
SSDEEP

1536:gy9M+ev4l4xrZJ1vYAkYUFewvWrLzcj+uQxOF:5NeTiATUUwYzMF

Score

N/A

Malware Config

Signatures

Files

221012-kfv42sr1j5_pw_infected.zip
.zip

Password: infected
MSVCR100.dll
.dll windows x86

b86750d4120e7676b19e27e4699a7311

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeSListHead
GetShortPathNameA
CreateNamedPipeA
GetSystemDefaultUILanguage
LCMapStringA
SetErrorMode
GetCompressedFileSizeTransactedA
EnumSystemLanguageGroupsW
DisableThreadLibraryCalls
FindResourceExA
CreateThread
RemoveDirectoryA
VerifyVersionInfoW
AddAtomW
CheckNameLegalDOS8Dot3W
GlobalReAlloc
GlobalAlloc
GlobalFree
SetFilePointer
CreateFileW
GetLastError
GetFileSize
lstrlenW
lstrcpyW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
LCMapStringW
CompareStringW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
DecodePointer
GetNativeSystemInfo
SetVolumeLabelA
MultiByteToWideChar
GetFullPathNameTransactedA
CreateActCtxA
CreateHardLinkTransactedA
DeleteFileTransactedA
AssignProcessToJobObject
GetLongPathNameW
GetSystemDefaultLCID
GetBinaryTypeW
CreateDirectoryW
GetExitCodeProcess
GetCommandLineW
GetCommandLineA
CreateProcessW
CloseHandle
GetStartupInfoW
lstrcpyA
TerminateThread
Sleep
GetExitCodeThread
lstrlenA
CreatePipe
TerminateProcess
WriteFile
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
MoveFileExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
InterlockedFlushSList
RaiseException
RtlUnwind
SetLastError
WriteConsoleW

user32

EnableWindow
SetSystemCursor
GetClipboardFormatNameA
GetRawInputDeviceInfoA
GetTitleBarInfo
TrackMouseEvent
IsCharLowerA
InSendMessage
AnyPopup
SetClassLongW
ScreenToClient
CreateDesktopExW
DefRawInputProc
GetLastInputInfo
FindWindowExW
CreateMDIWindowW
GetWindowRgn
LoadIconW
CharUpperW
SetUserObjectInformationA

gdi32

EndPath
GetColorAdjustment
GetCharacterPlacementA
StrokePath
GetNearestColor
SetRectRgn
GetPolyFillMode
GetBkMode
RectVisible
EndDoc
OffsetClipRgn
CreateRectRgnIndirect
GetArcDirection
WidenPath

winspool.drv

AddPrinterA

advapi32

FileEncryptionStatusA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
GetCurrentHwProfileA
IsTokenRestricted
SetKernelObjectSecurity

ole32

CoImpersonateClient
CoQueryAuthenticationServices
CreateStreamOnHGlobal
GetClassFile

winhttp

WinHttpSetOption
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpReadData
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpQueryOption
WinHttpWriteData

ws2_32

gethostbyname
WSAStartup
ntohs
WSACleanup
inet_ntoa
gethostname

iphlpapi

GetTcpTable

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdate
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b86750d4120e7676b19e27e4699a7311

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

ole32

winhttp

ws2_32

iphlpapi

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 4KB

.rdate Size: 4KB - Virtual size: 4KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 4KB

.rdate
Size: 4KB - Virtual size: 4KB