Static task: static1
Behavioral task: behavioral1
Sample: notepad++.exe
Resource: win10v2004-20220812-en
General
Target: malware.zip
Size: 1.7MB
MD5: 0ee937c3c8e1fd49b46465a22dd57fd4
SHA1: 7296c009253f44b6e8b4198944ac68795e4f0f01
SHA256: 105ed577b0f27545749e78c7a87f59ccd7be87868e82ec7fc834a0cb927e76fa
SHA512: 7d4f2ebcb061a9dc56140dbef72cca17c6a27f48f86fcc995c89922bce2f27294425d546d1d3c8fca9e19526abdcba2889377b29e3ebcbf8b802c38d1bda9b69
SSDEEP: 49152:xGq93HqrCLG29jKglfYea9O+r1/2+86bKnB+zha+D:xGq93K2S2FKg9YfO+p/2+86bKnBi5D
Malware Config
Signatures
Files
malware.zip.zip
notepad++.exe.exe windows x86
fff450e295ff435b3363be0c9b9ea0b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetIconSize
ord17
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_DragMove
ImageList_Draw
shlwapi
PathAddExtensionW
PathIsDirectoryW
PathRemoveExtensionW
AssocQueryStringW
PathMatchSpecW
PathIsRelativeW
PathGetDriveNumberW
PathCompactPathExW
PathAppendW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathFindFileNameW
shell32
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
DragQueryFileW
DragQueryPoint
DragFinish
ShellExecuteW
ord165
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
CommandLineToArgvW
dbghelp
ImageNtHeader
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
crypt32
CertFreeCertificateContext
CryptQueryObject
CertGetNameStringW
CertNameToStrW
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
wintrust
WinVerifyTrust
sensapi
IsNetworkAlive
IsDestinationReachableW
kernel32
SetFileAttributesW
lstrcpyW
MoveFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GlobalUnlock
GlobalLock
GetCurrentDirectoryW
GlobalAlloc
FormatMessageW
LCMapStringW
FreeLibrary
lstrcmpiW
GetCurrentThreadId
SetCurrentDirectoryW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
CopyFileW
CreateFileW
GetCurrentProcess
GetCurrentProcessId
LoadLibraryW
ReleaseMutex
CreateMutexW
Sleep
GlobalSize
lstrcpynW
ExpandEnvironmentStringsW
WaitForMultipleObjects
GetSystemInfo
GetVersionExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryExW
GetLocalTime
GetExitCodeProcess
GetFullPathNameW
LoadResource
LockResource
SizeofResource
FindResourceW
GetTempPathW
SetLastError
CancelIo
SleepEx
WaitForSingleObjectEx
QueueUserAPC
ReadDirectoryChangesW
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
CompareStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetNativeSystemInfo
GetExitCodeThread
GetCurrentThread
DuplicateHandle
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
GetFileAttributesExW
DeleteFileW
CreateDirectoryW
CompareFileTime
lstrlenW
lstrcmpW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GetProcAddress
GetModuleFileNameW
GetVersion
MulDiv
GetModuleHandleW
LocalFree
GetLongPathNameW
LocalAlloc
GetLastError
OutputDebugStringW
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
RtlUnwind
HeapValidate
GetModuleHandleExW
ReadFile
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
ExitThread
ResumeThread
WriteFile
HeapReAlloc
HeapSize
RtlCaptureStackBackTrace
HeapQueryInformation
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetFileSizeEx
IsValidCodePage
GetOEMCP
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
GetACP
user32
FindWindowW
CreateDialogIndirectParamW
SystemParametersInfoW
TrackMouseEvent
GetCapture
SetRectEmpty
AppendMenuW
RegisterWindowMessageW
ShowCursor
CreateCursor
DestroyCursor
ScrollWindow
SetPropW
GetPropW
RemovePropW
SetScrollInfo
LoadStringW
InsertMenuItemW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsCharAlphaW
LoadIconW
GetDesktopWindow
PtInRect
WindowFromPoint
LockWindowUpdate
GetDCEx
mouse_event
SetDlgItemInt
LoadBitmapW
GetSysColorBrush
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthW
TrackPopupMenu
FlashWindowEx
RegisterClassExW
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowTextW
SetCapture
GetActiveWindow
GetDlgCtrlID
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
GetCursorPos
RedrawWindow
InsertMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
ScreenToClient
EmptyClipboard
SetClipboardData
IsWindow
GetDlgItemInt
FrameRect
FillRect
DrawFocusRect
CharLowerW
InflateRect
GetSysColor
GetClassNameA
GetWindowRect
IsWindowVisible
ShowWindow
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetClipboardData
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
OpenClipboard
LoadCursorW
GetParent
CharUpperW
DrawIcon
GetDlgItemTextA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
SetCursor
MessageBeep
GetClientRect
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextExW
DrawTextW
GetMenu
GetSystemMetrics
ToAscii
GetKeyboardState
GetFocus
SetWindowPlacement
GetWindowPlacement
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
DrawFrameControl
DrawEdge
SetWindowPos
SetFocus
MoveWindow
DrawIconEx
LoadImageW
EnableWindow
GetKeyState
SendDlgItemMessageW
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetDlgItemTextW
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
CallWindowProcW
SendMessageW
MessageBoxW
wsprintfW
GetClassNameW
CreateAcceleratorTableW
IsCharLowerW
ClientToScreen
LoadMenuW
IsDialogMessageW
SetMenu
RealChildWindowFromPoint
GetMonitorInfoW
MonitorFromWindow
CheckMenuRadioItem
SetForegroundWindow
SetMenuItemInfoW
GetMenuItemInfoW
DeleteMenu
GetMenuItemCount
DrawMenuBar
GetMenuStringW
TranslateAcceleratorW
DestroyAcceleratorTable
IsZoomed
IsIconic
ModifyMenuW
GetMenuItemID
GetSubMenu
RemoveMenu
IsCharAlphaNumericW
CreateDialogParamW
DestroyIcon
ReleaseCapture
gdi32
CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
EnumFontFamiliesExW
SetTextAlign
GetTextMetricsW
GetDeviceCaps
CreateFontIndirectW
GetObjectW
SaveDC
RestoreDC
BitBlt
GetPixel
DeleteDC
OffsetWindowOrgEx
StartDocW
EndDoc
StartPage
EndPage
ExtTextOutW
DPtoLP
GetTextExtentPointW
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
LineTo
CreateHatchBrush
SetTextColor
SetROP2
SetBkMode
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetROP2
DeleteObject
CreateSolidBrush
CreatePen
CreateFontW
SetBkColor
SetWindowOrgEx
CreateFontA
comdlg32
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
IsTextUnicode
ole32
CoUninitialize
CoInitialize
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 905KB - Virtual size: 905KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 681KB - Virtual size: 681KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ