4d3735fafb61b1f77f149f44f50ef361414fa5a2d7df1605d64a5f06adcb5d3f[.]zip

General

Target

4d3735fafb61b1f77f149f44f50ef361414fa5a2d7df1605d64a5f06adcb5d3f.zip
Size

260KB
MD5

30fc0794ec655e1c2095ab74d512b926
SHA1

8e40e825a3be2b92625f5317ecaccd037b711410
SHA256

59f616fffd5414d82372b6b7828881112c99fb1814bce478616a07bc9af97320
SHA512

22102d7c0173f2627a45ca6649e1f84ac06978d51bdc3c11883917f254cc4e4b0fbe276de8ff7d6e1d2d96cf66d30e3bb6c729bb7a5d34480fa81c65e614a1e4
SSDEEP

6144:oFyLfruHXQJifrWBOU+xIW6gGAvP0zREcH5gkg2XwHXwTkA:yyLfiQJErd64v8zRfH5HpB

Score

N/A

Malware Config

Signatures

Files

4d3735fafb61b1f77f149f44f50ef361414fa5a2d7df1605d64a5f06adcb5d3f.zip
.zip

Password: infected
4d3735fafb61b1f77f149f44f50ef361414fa5a2d7df1605d64a5f06adcb5d3f
.exe windows x86

Password: infected

58633b7ac54abe86c0d1013c202c496c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cmutil

CmMalloc
CmFree
CmMoveMemory
CmRealloc
CmAtolA

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification
WTSVirtualChannelClose
WTSOpenServerW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSEnumerateProcessesA
WTSFreeMemory
WTSLogoffSession
WTSQuerySessionInformationA
WTSVirtualChannelWrite
WTSSetUserConfigW
WTSWaitSystemEvent
WTSVirtualChannelRead
WTSSetSessionInformationW

modemui

drvCommConfigDialogA
CountryRunOnce

kernel32

WaitForSingleObjectEx
GetStringTypeW
CreateWaitableTimerW
GetModuleFileNameA
FindFirstFileW
LoadLibraryExW
GetTempPathW
GetSystemDirectoryA
MoveFileA
GetProcAddress
GetACP
LoadLibraryA
lstrcmp
WaitNamedPipeW
GetProcessId
GetFileAttributesW

dbnmpntw

ConnectionError
ConnectionClose
ConnectionWrite
ConnectionRead
ConnectionVer

user32

LoadStringA
IsCharLowerA
GetMessageA
DrawStateW
LoadCursorA
LoadBitmapW
PostMessageA
CreateDesktopW
GetClassLongW
CharToOemA
wsprintfA

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4d3735fafb61b1f77f149f44f50ef361414fa5a2d7df1605d64a5f06adcb5d3f_dump_0x00950000
.exe windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

58633b7ac54abe86c0d1013c202c496c

Headers

File Characteristics

Imports

cmutil

wtsapi32

modemui

kernel32

dbnmpntw

user32

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 158KB - Virtual size: 157KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 9KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 158KB - Virtual size: 157KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 9KB

.reloc
Size: 16KB - Virtual size: 16KB