0x0009000000022e59-172[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

0x0009000000022e59-172.zip
Size

730KB
MD5

e4894073d6c368f29aacc7c821deeb06
SHA1

92864c441b15da73c2d5248fafa6e07e5d921aa9
SHA256

b0545a4e672d6088ca18c7e51f8f64d01b6e01970c3259d52d88966425659c42
SHA512

25322b5560e576bbd3afd6a45747087b30e7d78eac3c3edd233b3c59e6b87c7429ea2ba9e5da0c9a0a051a2aae4e4a213f3e0f0a0aaad0abd2d95fd096ed2944
SSDEEP

12288:U6Uc/74ccrk0nXoYFKwLCRk5lO23O+szTcufDNC5rF15sVAzmk1S9d+imz20i3Bw:Ue/crrk0nhFKwLC32lszYwhOf5VyE2Av

Score

N/A

Malware Config

Signatures

Files

0x0009000000022e59-172.zip
.zip

Password: infected
0x0009000000022e59-172.dat
.exe windows x86

30391f7a8dda44e8335bcaa342b1660b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d2d1

ord1
ord2

shlwapi

PathMatchSpecW

comctl32

ord345
ord344

kernel32

Sleep
SetThreadPriority
InitializeCriticalSection
WaitForSingleObject
CreateEventW
GetExitCodeThread
SetEvent
CloseHandle
CreateThread
ResetEvent
DeleteCriticalSection
AcquireSRWLockExclusive
AssignProcessToJobObject
CompareStringW
ConnectNamedPipe
CreateDirectoryW
GetCurrentProcess
VirtualProtectEx
VirtualAllocEx
HeapFree
MultiByteToWideChar
GlobalAlloc
GlobalFree
HeapAlloc
GlobalLock
GetProcessHeap
WideCharToMultiByte
GlobalUnlock
GetModuleFileNameW
CreateProcessW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetLocaleInfoW
LCMapStringW
WriteFile
GetStdHandle
LeaveCriticalSection
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW
EnterCriticalSection
IsValidLocale
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetFileSizeEx
GetUserDefaultLCID
WriteConsoleW
GetModuleHandleExW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
EnumSystemLocalesW
ReadFile
ReadConsoleW
HeapReAlloc
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
FindNextFileW
FindFirstFileExW
FindClose

user32

UpdateWindow
SetFocus
SetCapture
GetCapture
wsprintfW
ReleaseCapture
SetCursor
LoadCursorW
LoadStringW
GetMessageW
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
GetWindowThreadProcessId
IsWindow
PostMessageW
RegisterClassW
SendMessageTimeoutW
SetProcessDPIAware
SetProcessWindowStation
TranslateMessage
UnregisterClassW
MessageBoxA
EnableWindow
DialogBoxParamW
GetDlgItem
IsDlgButtonChecked
InvalidateRect
SetWindowTextW
GetClientRect
CloseWindow
SetWindowPos
GetWindowRect
DefWindowProcW
GetWindowLongW
SetWindowLongW
CreateWindowExW
RegisterClassExW
PostQuitMessage
DispatchMessageW
SendMessageW
IsChild
WindowFromPoint
GetCursorPos
GetParent
SendNotifyMessageW
CloseGestureInfoHandle
GetGestureInfo
TrackMouseEvent
EndPaint
BeginPaint
SetGestureConfig
LoadIconW
MessageBoxW
EndDialog
ShowWindow
SendDlgItemMessageW

gdi32

CreateSolidBrush
SetBkMode
DeleteObject

shell32

SHGetFolderPathW
ord155
SHCreateItemWithParent
SHGetKnownFolderItem
SHCreateItemInKnownFolder
ShellExecuteW
SHCreateItemFromParsingName
SetCurrentProcessExplicitAppUserModelID

ole32

CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoTaskMemAlloc
PropVariantClear

webservices

WsCreateError
WsFreeHeap
WsCreateServiceProxy
WsFreeServiceProxy
WsFreeError
WsCreateHeap
WsCloseServiceProxy
WsOpenServiceProxy
WsCall

ncrypt

BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptGetProperty

xmllite

CreateXmlReader
CreateXmlReaderInputWithEncodingCodePage

winhttp

WinHttpConnect
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime

dwrite

DWriteCreateFactory

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

30391f7a8dda44e8335bcaa342b1660b

Headers

DLL Characteristics

File Characteristics

Imports

d2d1

shlwapi

comctl32

kernel32

user32

gdi32

shell32

ole32

webservices

ncrypt

xmllite

winhttp

userenv

version

winmm

dwrite

Sections

.text Size: 263KB - Virtual size: 262KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 263KB - Virtual size: 262KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 18KB - Virtual size: 17KB