8631216932[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8631216932.zip
Size

81KB
MD5

edd73b8fd1f48103aaa832a0f01173c8
SHA1

d7cc4ce5d5f19f94a01847399fa0994f4f96dbf4
SHA256

186b4d30329be869fe6959d7a1a053dc23dfc1c0fd5e8f78b28ddd7830bd10be
SHA512

90a35f66ada0311c5657994bf3742bb53513df67e2e514733ff1fa61a03e852aece994f2115f382efd758653ed1e965e6b984a7e3032dace0bd5a6ba3580ee0d
SSDEEP

1536:BAP5zLHrqd00q7n61YSDhqZltUdTF/gxGMAyI82m4N1YHbzD4Ll/1YT1LEegXuEe:EPrqkyYQ4tsCBo88N1uz6l/12LEzXBuN

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/9033a46f756fa5225ed30692317d92b31fa5b23fa4587caa87172031efa25e12	Nirsoft

Files

8631216932.zip
.zip

Password: infected
9033a46f756fa5225ed30692317d92b31fa5b23fa4587caa87172031efa25e12
.exe windows x64

42b5f4f0f707724d689d5ca472e13a35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_purecall
__setusermatherr
_commode
_fmode
__set_app_type
_wcslwr
qsort
_itow
malloc
_ultow
free
_memicmp
wcschr
modf
_wtoi
wcstoul
wcsrchr
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcsncmp
_wcsicmp
_wcsnicmp
_snwprintf
wcsncat
memcpy
memset
memcmp

comctl32

ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon
ord17
ImageList_Add
ImageList_AddMasked
ImageList_Create

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

crypt32

CryptUnprotectData

kernel32

Process32NextW
CreateToolhelp32Snapshot
CreateRemoteThread
EnumResourceTypesW
Process32FirstW
GetStartupInfoW
GetLogicalDrives
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LocalFree
FreeLibrary
GetProcAddress
GetLastError
LocalAlloc
CloseHandle
GetFileSize
LoadLibraryW
GetModuleHandleW
GetDriveTypeW
GetVersionExW
FindClose
FindFirstFileW
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
WriteFile
ReadFile
GetModuleFileNameW
lstrcpyW
FindResourceW
CreateFileW
LoadResource
GetNumberFormatW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
LockResource
GetSystemDirectoryW
MultiByteToWideChar
LoadLibraryExW
lstrlenW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetCurrentProcess
GetLocaleInfoW
GetDateFormatW
GetTempFileNameW
SizeofResource
GlobalLock
FindNextFileW
FormatMessageW
OpenProcess
GetPrivateProfileIntW
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetTickCount
GetStdHandle
WaitForSingleObject
WriteProcessMemory
ResumeThread
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
SetErrorMode
DeleteFileW
ExitProcess
GetCurrentProcessId

user32

GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorW
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
InvalidateRect
UpdateWindow
GetWindowRect
SendMessageW
SetDlgItemTextW
GetDlgItemInt
GetDlgItemTextW
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
EndPaint
DeferWindowPos
BeginPaint
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
CheckMenuItem
GetMenuItemCount
GetMenuStringW
ScreenToClient
CheckMenuRadioItem
CloseClipboard
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetParent
GetMenu
GetSubMenu
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
GetClassNameW
MoveWindow
OpenClipboard
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
GetFocus
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW
CallWindowProcW
SetCapture
FillRect
ReleaseCapture
GetWindow

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
PatBlt
CreateSolidBrush
GetDeviceCaps
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetObjectW

comdlg32

FindTextW
GetSaveFileNameW

advapi32

DuplicateTokenEx
RevertToSelf
OpenProcessToken
GetTokenInformation
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
ImpersonateLoggedOnUser

shell32

ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
SHGetPathFromIDListW

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

42b5f4f0f707724d689d5ca472e13a35

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

crypt32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 9KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 9KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 23KB - Virtual size: 23KB