dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.zip
Size

120KB
MD5

07666da03fe703d3e91345edfe53a9c9
SHA1

c4844d25732c5c9f3b624a86f7d641770c9e9127
SHA256

283cbc75ed8f404e2f3e0453f18faf214193844cbfe9ce478c8b8714ad4d1048
SHA512

5aaed87060f549875c16b26963c8749e7821162baf0f4a3b3fa209191d9071ffd4400fe80b468f6ffbcb2ca5df689d196fc722b26267a0fced7b273abd9908fb
SSDEEP

3072:QY70BoYExF9l0quM5CvJ4Qq0xAVa/HFkHMFwLSGIf:Zx3l0qurvqQq0x9/HCHUvf

Score

N/A

Malware Config

Signatures

Files

dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.zip
.zip

Password: infected
dc659d0624712f8331b4240509896a60eb6277bc26ebf041573de9039610aa91.exe
.exe windows x64

Password: infected

c0a133dd98be309680d2bde15e774a17

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

_wtoi
wcschr
_wcsnicmp
_vsnwprintf
_vscprintf
vsprintf_s
vswprintf_s
_vscwprintf
swscanf_s
fgetws
memcmp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
_wfopen
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
memset
_wcsicmp
wcscpy_s
_beginthreadex
wcsstr
wcsrchr
wcstok_s
fclose
__C_specific_handler
calloc
iswctype
strrchr
_ismbblead
memmove_s
malloc
memcpy_s
_purecall
_vsnprintf
__CxxFrameHandler3
feof
_acmdln
free
towlower
memcpy

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
SetErrorMode
GetLastError
UnhandledExceptionFilter
RaiseException

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
WaitForSingleObjectEx
CreateMutexA
OpenEventW
SetEvent
WaitForMultipleObjectsEx
InitializeCriticalSection
WaitForSingleObject
DeleteCriticalSection
CreateMutexW
ReleaseMutex
CreateEventExW
EnterCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoRevokeClassObject
CLSIDFromString
CoRegisterClassObject
ProgIDFromCLSID
CoUninitialize
CoInitializeEx
CoRegisterPSClsid

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
FreeSid
AddAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetSecurityDescriptorOwner
IsValidSid
CopySid
GetAclInformation
GetLengthSid
AllocateAndInitializeSid
GetSecurityDescriptorSacl
IsValidSecurityDescriptor
AddAccessAllowedAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeAcl
EqualSid
GetTokenInformation
SetSecurityDescriptorGroup
CheckTokenMembership

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW
SearchPathW

api-ms-win-core-localization-l1-2-0

SetThreadUILanguage
FormatMessageA
FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
OpenThreadToken
GetStartupInfoW
OpenProcessToken
TlsFree
GetCurrentProcessId
ExitProcess
TerminateProcess
TlsGetValue
GetCurrentThreadId
GetCurrentProcess
TlsSetValue
TlsAlloc

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
LoadStringW
LoadLibraryExW
FreeLibrary
LoadResource
GetModuleFileNameW
FindResourceExW
GetModuleHandleExW
GetModuleFileNameA
GetProcAddress

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc
HeapDestroy

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetLocalTime
GetVersionExW
GetSystemWindowsDirectoryW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
CreateErrorInfo
SetErrorInfo
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen

api-ms-win-core-file-l1-1-0

FlushFileBuffers
WriteFile
SetFilePointer
CreateFileA
DeleteFileA
GetTempFileNameW
DeleteFileW
CreateFileW
GetFileSizeEx
GetFileSize

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-memory-l1-1-0

VirtualQuery
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-io-l1-1-0

DeviceIoControl

ntdll

RtlGetVersion
RtlFreeHeap
RtlAllocateHeap
RtlNtStatusToDosError

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c0a133dd98be309680d2bde15e774a17

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

oleaut32

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-io-l1-1-0

ntdll

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 448B

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 448B