8322387094[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8322387094.zip
Size

133KB
MD5

009624ec0d3ce458ae0034a2ea352b43
SHA1

7daa8db5a4266c2a8241f9a7783677c05965c6c0
SHA256

2c142ebad7cb51e3c8edacb8f7dbab1df54b966d0e3042cd6839487506ebd8ff
SHA512

9803db519f5671f21270831fe3b42426b21a0afab2c5591523794ae36674cb5e0e06a7b659913531e2255402342c4d28199276b9e6e2f8673caf3fe4c0e951ae
SSDEEP

3072:Z/c7bbFUcV80GCk6RbrViTk3MoxIvjnoboTWOmWjUzGjey:Z/YbjVBHk0uk8oxDboTW4Uqjey

Score

N/A

Malware Config

Signatures

Files

8322387094.zip
.zip

Password: infected
c807ecf944f093163333cd31f7ad518d672b54982bbcf583fa7a6cac8c73c695
.exe windows x86

Password: infected

3658d39e64a057f91242cb69946f8ccd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

kernel32

CreateMutexA
GetCurrentThreadId
ReleaseMutex
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
OutputDebugStringA
Sleep
GetLastError
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetProcessHeap
OpenProcess
TerminateProcess
Process32Next
CreateToolhelp32Snapshot
WinExec
GetACP
SetEndOfFile
DeleteFileA
FindNextFileA
GetModuleFileNameA
FindClose
FindFirstFileA
GetLocalTime
CloseHandle
ReadFile
WriteFile
SetFilePointer
GetOEMCP
Process32First
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
LoadLibraryW
IsValidCodePage
OutputDebugStringW
LoadLibraryExW
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileAttributesExW
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetStdHandle
GetModuleFileNameW

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
ControlService
OpenSCManagerA
SetServiceStatus
ReportEventA
StartServiceA
RegCreateKeyA
DeregisterEventSource
CreateServiceA
RegisterServiceCtrlHandlerA
RegSetValueExA
ChangeServiceConfig2A
DeleteService
StartServiceCtrlDispatcherA
RegisterEventSourceA
CloseServiceHandle
OpenServiceA

wininet

HttpSendRequestA
InternetCheckConnectionA
InternetGetConnectedState
HttpOpenRequestA
InternetOpenA
InternetReadFile
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3658d39e64a057f91242cb69946f8ccd

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

advapi32

wininet

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 37KB - Virtual size: 37KB