virus[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

virus.zip
Size

100KB
MD5

6ae9f41a9081fb6877af463ed0c0ff49
SHA1

6e3f75ee445c403d0bcd81c7350a0791487c374b
SHA256

16daee545af6e9b13ad754215b0a20b24df37d5ec230a6270a30223e15db6b01
SHA512

92ee9b81bc560b8bc1f93dd748634fe0888962a8552e0f4208a4ddba378a0ae4eb7110dcb6165f4ac68f4c165d8fd2706ea3e64fe55ea1ddbb9cd194656edc84
SSDEEP

1536:fPTIW7P+2hli0nfAZPQkfqYMBJrsC6gRP6FAk7y2OJ7uO/souvABv56LhJZQturR:frIW5hc4kfVGJACwAh3J7uAXQOurR

Score

N/A

Malware Config

Signatures

Files

virus.zip
.zip

Password: infected
6c6fd352b2c058be971d4f192adda1647b4fe19ab2ea19cc3d82ca4b8eb14138
.exe windows x86

e0430138f400efe220878b0cbf1db846

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
WSAStartup
gethostname
closesocket
send
select
recv
htons
getservbyname
ioctlsocket
gethostbyname
socket
setsockopt
connect
WSAGetLastError
inet_ntoa
getsockopt
ntohl
htonl

kernel32

SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
WriteFile
ReadFile
GetStdHandle
CloseHandle
GetLastError
CreateFileW
GetVersionExW
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
GetVersion
GetFileType
GetFileSize
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
Sleep
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
lstrcmpiW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
GetComputerNameW
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetSystemTime
WideCharToMultiByte
HeapReAlloc
RaiseException
HeapSize
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStartupInfoA
FlushFileBuffers
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
IsBadReadPtr
IsBadCodePtr
GetCPInfo
LoadLibraryA
GetStringTypeA

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e0430138f400efe220878b0cbf1db846

Headers

File Characteristics

Imports

wsock32

kernel32

advapi32

Sections

.text Size: 136KB - Virtual size: 133KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 16KB - Virtual size: 81KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 136KB - Virtual size: 133KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 16KB - Virtual size: 81KB

.rsrc
Size: 4KB - Virtual size: 1KB