MDE_File_Sample_ef2e02c1849404b51ae1ee1f4e17474a5e55c373[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_ef2e02c1849404b51ae1ee1f4e17474a5e55c373.zip
Size

18.4MB
MD5

510df7da2f1bb782be50ae6beea2e8e7
SHA1

5bde86999676395f94d388683f0a00451b22a5a2
SHA256

fa2e8eb30cc3c968c491c304d282306e3e37d89dafbab0d5f6f2b6ac75acd476
SHA512

138368609b2c3dcfaf97ab1b2ca7596712fcce415d788a92608f35fb73fef5c249d183986723efdb6b50be5d791c890f493a335a03225fa8d76fb15924a047ca
SSDEEP

393216:LTeU7SCG8IL1seocJEcy1xuKKYCUt6+ECk1Ke7M4LV+XDPKLfEDUHw:LTXVvIJfnJQ/TKRKk1RNOue2w

Score

N/A

Malware Config

Signatures

Files

MDE_File_Sample_ef2e02c1849404b51ae1ee1f4e17474a5e55c373.zip
.zip

Password: infected
MATPEL 2006.exe
.exe windows x86

Password: infected

848d49bb9a77c37be678685976ea9ca5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

GetTickCount
WaitForSingleObject
Sleep
GetProcAddress
SetEvent
ResetEvent
Beep
LoadLibraryA
CreateEventA
GetFileAttributesA
lstrcpyA
GetVersionExA
DeleteFileA
GetTempPathA
GetTempFileNameA
MoveFileA
lstrcpynA
GetModuleHandleA
lstrcmpA
lstrcatA
lstrlenA
WriteFile
SetFileAttributesA
CreateFileA
GlobalLock
CloseHandle
GlobalAlloc
GetModuleFileNameA
GlobalUnlock
lstrcmpiA
WideCharToMultiByte
VirtualAlloc
GetFileType
GetEnvironmentVariableA
DeleteCriticalSection
IsBadCodePtr
InterlockedExchange
GetStringTypeA
SetStdHandle
ReadFile
SetFilePointer
GetFileSize
MapViewOfFile
CreateFileMappingA
GetSystemInfo
UnmapViewOfFile
OutputDebugStringA
GlobalFree
GetFullPathNameA
FormatMessageA
GetLastError
LocalFree
FreeLibrary
IsBadWritePtr
MulDiv
GetACP
LeaveCriticalSection
LoadLibraryExA
EnterCriticalSection
InitializeCriticalSection
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
SetEnvironmentVariableA
MultiByteToWideChar
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
HeapFree
RaiseException
IsBadReadPtr
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
HeapSize
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
FlushFileBuffers
SetUnhandledExceptionFilter

user32

GetDesktopWindow
IsWindow
GetParent
CharNextA
InvalidateRgn
SetMenu
SetRectEmpty
GetSysColor
DestroyIcon
SendDlgItemMessageA
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
IsDlgButtonChecked
IsIconic
CharUpperA
DialogBoxParamA
GetWindowRect
GetSystemMetrics
GetClassInfoA
SetWindowLongA
GetWindowLongA
GetDlgItem
SendMessageA
SetRect
LoadIconA
RegisterClassA
CreateWindowExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostQuitMessage
DefWindowProcA
GetDC
DrawTextA
ReleaseDC
MessageBoxA
PostMessageA
KillTimer
BeginPaint
FillRect
EndPaint
LoadStringA
SetWindowPos
ShowWindow
GetClientRect
DestroyWindow
SystemParametersInfoA
LoadCursorA
SetCursor
SetTimer
InvalidateRect
UpdateWindow
wsprintfA
EndDialog

gdi32

PlayEnhMetaFile
PolyBezier
PathToRegion
SelectClipRgn
CreateSolidBrush
GetObjectA
CreateCompatibleDC
SetBkColor
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
DeleteDC
SelectObject
EndPath
Polygon
CreateRectRgn
GetDIBColorTable
CombineRgn
SetDIBitsToDevice
DeleteEnhMetaFile
BeginPath
MoveToEx
PolyBezierTo
LineTo
CreatePalette
StretchDIBits
GetStockObject
GetRgnBox
SetRectRgn
CreateDIBSection

comdlg32

GetFileTitleA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA

shell32

ExtractIconExA

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

848d49bb9a77c37be678685976ea9ca5

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 220KB - Virtual size: 216KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 24KB - Virtual size: 29KB

.tls Size: 4KB - Virtual size: 4B

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 220KB - Virtual size: 216KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 24KB - Virtual size: 29KB

.tls
Size: 4KB - Virtual size: 4B

.rsrc
Size: 20KB - Virtual size: 18KB