456e86c827d3b4018aa9d78ad50ef6a301d512c92fc3e1dc8a6c9fa1ea6cfbfd[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

456e86c827d3b4018aa9d78ad50ef6a301d512c92fc3e1dc8a6c9fa1ea6cfbfd.zip
Size

225KB
MD5

70efbb97b966502f1a66947349d991fb
SHA1

2160210eac7b68787d8d980a4a8125d9a8090353
SHA256

f6eb0779ed543037991f587d1616015a2869cd9a09b08bde3bf966a223587078
SHA512

b5759389757a0ee3a814ac314d3cae5b7b157b9de701cb155492e7843d21c538c018035ffa366584f234f27e46cfd24b021b788843be5afb25b62ec0ddb4b950
SSDEEP

6144:NJHXAiXZ1U7kLNU9zwgG/3c68df8WbtS4:Yip1U7kLlx/3t8dfjbQ4

Score

N/A

Malware Config

Signatures

Files

456e86c827d3b4018aa9d78ad50ef6a301d512c92fc3e1dc8a6c9fa1ea6cfbfd.zip
.zip

Password: infected
456e86c827d3b4018aa9d78ad50ef6a301d512c92fc3e1dc8a6c9fa1ea6cfbfd.exe
.exe windows x86

Password: infected

af490f1fa85da801fa341e01f02aad49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesW
CreateMutexW
SetPriorityClass
SetLocalTime
BuildCommDCBAndTimeoutsA
LoadResource
DeleteVolumeMountPointA
WriteTapemark
_lwrite
ReadConsoleA
SetDefaultCommConfigW
SetComputerNameW
SleepEx
SetTapeParameters
GetProcessPriorityBoost
GetModuleHandleW
GlobalAlloc
GetSystemPowerStatus
SetSystemTimeAdjustment
GetConsoleWindow
GetTimeZoneInformation
lstrlenW
FreeLibraryAndExitThread
GetLastError
GetCurrentDirectoryW
GetTapeStatus
VirtualAlloc
SetVolumeLabelW
MoveFileW
GetLocalTime
LoadLibraryA
CreateSemaphoreW
UnhandledExceptionFilter
AddAtomW
GetPrivateProfileStructA
VirtualProtect
lstrcpyA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
GetStartupInfoW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
HeapCreate
VirtualFree
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW

winhttp

WinHttpCloseHandle

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 675KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

af490f1fa85da801fa341e01f02aad49

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

Sections

.text Size: 238KB - Virtual size: 237KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 6KB - Virtual size: 675KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 238KB - Virtual size: 237KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 675KB

.rsrc
Size: 14KB - Virtual size: 14KB