General
-
Target
archive.zip
-
Size
235KB
-
MD5
3be23fea6855da0fe0a90e705ef2c704
-
SHA1
c25caaa06eb01bfb697550ebf7ee067a00f85726
-
SHA256
14432b09b92c3ac0c22804477d6fa132a6ab11111cee78998ca8ea1732d73e9f
-
SHA512
399c447b50ebf385f108b3f155569b07f3e0e7514a9146d6c86bf39377583c36c1da429fd2ad46fe9847343e5f39f2ea8fbef05a57a66b76dfd18dbdef499b5b
-
SSDEEP
6144:6QeHN8p+HyAOWdMyNam0hAR7IMA92faUGbjW8E6R:FciFWdhNameAR692lgC6R
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Signatures
-
Nymaim family
Files
-
archive.zip.zip
-
2282e8f9b790196778d01baff2a63a13c26fe1bef52a750544c820c46cf9e1d8.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 177KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
c8d9a9758516d5a8936bd3bc01a9997fb677ed1dc54081caa985883935ff092b.exe.exe windows x86
851a0ba8fbb71710075bdfe6dcef92eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetEnumResourceW
WNetUseConnectionW
WNetOpenEnumW
WNetCloseEnum
ws2_32
ioctlsocket
getpeername
ntohl
select
WSAGetLastError
htons
recv
socket
closesocket
getsockopt
WSAAddressToStringW
htonl
connect
iphlpapi
GetIpAddrTable
winhttp
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
kernel32
FindClose
FindNextFileW
SystemTimeToFileTime
OpenProcess
FindFirstFileW
MoveFileW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
GetCurrentThreadId
GetLocalTime
ExitProcess
SetFilePointer
WaitForSingleObject
GetComputerNameW
SetEvent
GetLogicalDrives
GetTickCount
Sleep
CopyFileW
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
CreateEventW
WaitForMultipleObjects
CloseHandle
SetFileAttributesW
CreateThread
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ResetEvent
DeleteCriticalSection
AllocConsole
WriteFile
WideCharToMultiByte
WriteConsoleW
GetStdHandle
CreateMutexW
CreateProcessW
GetCurrentProcess
SetHandleInformation
HeapFree
GetLocaleInfoW
ReadProcessMemory
TerminateProcess
GetModuleFileNameW
FlushFileBuffers
OpenMutexW
GetLastError
GetProcAddress
Process32FirstW
GetExitCodeThread
CreatePipe
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
ReleaseMutex
GetVersion
DeleteFileW
GetCurrentProcessId
GetVolumeInformationW
ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
HeapReAlloc
QueryPerformanceCounter
user32
GetWindowThreadProcessId
GetShellWindow
advapi32
FreeSid
LookupPrivilegeValueW
OpenProcessToken
GetTokenInformation
EqualSid
RegSetValueExW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
LookupAccountSidW
AllocateAndInitializeSid
DuplicateTokenEx
RegQueryValueExW
shell32
ShellExecuteExW
ole32
CoGetObject
CoInitializeEx
CoUninitialize
Sections
.text Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.cdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE