4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.zip
Size

68KB
MD5

7e83ada2154b61b429608adcedf67cfa
SHA1

a18d7cd6b0d407074b78ccf61f967a7e186fc04f
SHA256

6270fc40abc62bce9c80fa7954547c04229d2cfd885ef1b319f14ab3aca0b6cb
SHA512

662cf81eb0976d8c9a8e1fe66e88d28c8af5ded3f785be0f87a411b2239c9e05d842e8b6a750bac13276978a72ec95e2c73942efc049f592ccdadba996e1e87a
SSDEEP

1536:c6MyanRA82id26lZpoiCh5rCNLO8HTQgTwJMmWQIdWGPZ3rSk:cFxGriBgLh1CNaqPbmW7Ek

Score

N/A

Malware Config

Signatures

Files

4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.zip
.zip

Password: infected
4cae449450c07b7aa74314173c7b00d409eabfe22b86859f3b3acedd66010458.exe
.exe windows x86

Password: infected

93736e6ffcbf0a539a73e55e921de1cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
LeaveCriticalSection
FileTimeToSystemTime
EnterCriticalSection
FindClose
SetThreadPriorityBoost
GetSystemInfo
WaitForMultipleObjects
FindNextFileW
SetThreadAffinityMask
SetProcessShutdownParameters
GetSystemTime
ReadFile
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetSystemWindowsDirectoryA
CreateFileW
SetFileAttributesW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
HeapFree
TlsGetValue
TlsSetValue
InterlockedIncrement
GetModuleHandleW
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
IsProcessorFeaturePresent
HeapAlloc
HeapReAlloc
MultiByteToWideChar
LoadLibraryW
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
LCMapStringW
GetStringTypeW
SetFilePointer
GetModuleFileNameA
WriteConsoleW
SetStdHandle
GetCurrentThread
SetEvent
WaitForSingleObject
GetLogicalDriveStringsW
SystemTimeToTzSpecificLocalTime
FindFirstFileW
GetProcessHandleCount
GetProcessTimes
CloseHandle
GetSystemTimes
SwitchToThread
SetLastError
GetStdHandle
FlushFileBuffers
WriteFile
lstrlenA
GetSystemWindowsDirectoryW
GetEnvironmentVariableW
GetCurrentProcessId
GetLastError
Sleep
SetProcessPriorityBoost
GetTickCount
GetCurrentProcess
CreateMutexW
MoveFileW
DeleteFileA
lstrcpynA
Process32First
OpenProcess
Process32Next
GetModuleHandleA
GetComputerNameA
GetNativeSystemInfo
SetErrorMode
GetSystemDirectoryW
GetVolumeInformationA
GetVersionExW
GetEnvironmentVariableA
CreateThread
GetProcessHeap
MoveFileExA
SetFilePointerEx
GetFileSizeEx
FindFirstFileA
RemoveDirectoryA
SetFileAttributesA
FindNextFileA
ExitProcess

user32

wsprintfW
CharLowerA
CharUpperA

advapi32

CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetTokenInformation
SetKernelObjectSecurity
GetUserNameA
RegQueryValueExA
CryptAcquireContextW
CryptGenRandom
ControlService
OpenSCManagerA
QueryServiceStatusEx
OpenServiceW
CloseServiceHandle
CryptReleaseContext

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

StringFromGUID2

psapi

GetModuleFileNameExW

shlwapi

PathAddBackslashA
PathFindFileNameA
SHRegSetUSValueA
PathAppendA
PathIsDirectoryA
PathFindFileNameW
StrCpyNW
StrCpyW
PathFileExistsW
StrCatW
wvnsprintfA
StrCmpW
StrCmpIW
StrStrIW
PathFindExtensionW
StrStrIA
StrCatBuffA
StrNCatW
wnsprintfA

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum

netapi32

NetApiBufferFree
NetWkstaGetInfo
NetServerGetInfo

ntdll

ZwQueryInformationProcess
ZwUnmapViewOfSection

Exports

Exports

?ReflectiveLoader@@YGKPAX@Z

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

93736e6ffcbf0a539a73e55e921de1cb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

shlwapi

mpr

netapi32

ntdll

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 9KB - Virtual size: 31KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 9KB - Virtual size: 31KB

.reloc
Size: 10KB - Virtual size: 9KB