Static task: static1
Behavioral task: behavioral1
- Sample: 991db79632f6f6f4a5d6a6575aed744492aa2954e2c09f01242422061b3593c7.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 991db79632f6f6f4a5d6a6575aed744492aa2954e2c09f01242422061b3593c7.exe
- Resource: win10v2004-20220812-en
General
- Target: 991db79632f6f6f4a5d6a6575aed744492aa2954e2c09f01242422061b3593c7 (1).zip (the submitted archive; the hashes below describe this archive, not the extracted .exe, whose SHA256 is the one in its file name)
- Size: 222KB
- MD5: 0744ed590264bd59b77c6d7d90a5c4ee
- SHA1: 42226c18ead88bf72e49caefe9d75efdd046ade4
- SHA256: b9cf2436e24180c73f1177c304a4fd7410c01bdd813741bd93863d7e70580414
- SHA512: 0b55a43ec89b540bc269396ef2c4c06de2a4380a662a7c33cd95141b15626b10418434c243c39fd2b124f597ecdf99bfe5f3442ada1039cfe33218e193c984df
- SSDEEP: 6144:If3LjomNJym+QDpKdxz95dqySuZFaJarCvj2r06M:s3PzHPOz9qPuZFaoi2r5M
Malware Config
Signatures
Files
- 991db79632f6f6f4a5d6a6575aed744492aa2954e2c09f01242422061b3593c7 (1).zip.zip (Password: infected)
- 991db79632f6f6f4a5d6a6575aed744492aa2954e2c09f01242422061b3593c7.exe, windows x86, b141dad7809ab13e97c029d596979573
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStartupInfoA
GetComputerNameW
WideCharToMultiByte
CreateProcessA
GlobalMemoryStatus
GetTickCount
MoveFileW
GetDriveTypeW
FindFirstFileW
GetFileSizeEx
HeapFree
FindNextFileW
lstrlenW
CreateToolhelp32Snapshot
Process32NextW
FileTimeToSystemTime
Process32FirstW
HeapAlloc
FileTimeToLocalFileTime
GetProcAddress
GetProcessHeap
GetModuleHandleW
VerifyVersionInfoW
EnterCriticalSection
FindNextFileA
LeaveCriticalSection
InitializeCriticalSection
FindClose
DeleteCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
HeapSize
WriteConsoleW
FlushFileBuffers
SetStdHandle
CreateThread
GetSystemInfo
CloseHandle
DeleteFileW
TerminateThread
SetEvent
GetLastError
Sleep
MultiByteToWideChar
CreateEventW
OpenProcess
GetACP
GetModuleHandleA
ReleaseMutex
CreateFileW
WaitForSingleObject
CreateMutexW
PeekNamedPipe
SetFilePointer
SetErrorMode
CreatePipe
TerminateProcess
WriteFile
GetCurrentProcess
GetOEMCP
ReadFile
GetVolumeInformationW
VerSetConditionMask
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExA
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
GetFileType
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RaiseException
SetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
DecodePointer
user32
PostThreadMessageW
GetMessageW
wsprintfW
advapi32
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
LookupAccountSidW
LookupAccountNameW
GetSidIdentifierAuthority
GetUserNameW
GetTokenInformation
shell32
ord680
iphlpapi
GetAdaptersInfo
netapi32
NetWkstaGetInfo
shlwapi
PathFileExistsW
ws2_32
listen
gethostname
WSAGetLastError
htons
recv
connect
socket
send
WSAStartup
shutdown
gethostbyname
closesocket
bind
accept
Sections
.text Size: 308KB - Virtual size: 307KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ