c356aa4659bdbc75dda6951fd4500e30 (6)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c356aa4659bdbc75dda6951fd4500e30 (6).zip
Size

36KB
MD5

f10b6d415531d3dd71c5533d7c27f06a
SHA1

370e5bb88186e5bb395b919bfaddb625012db97b
SHA256

c19f14874b222bb025be790f72ac5c9fac7212aee1e637eb3c6c9d808880bbfc
SHA512

edf22c6900efe7240aeb8501ec4ec01b8f04e2d4262c88da56925064b63b5bb6e88e2332e655d8bb7e15febe38e3ba6c4dd26cb16d94f764d013648e11f0b101
SSDEEP

768:WfqYcjmiB7pvm4j/74MXkRac1LmRnXpaU+p9yRIZCvbi3:QyZHvH74EkR4ZNOZCv4

Score

N/A

Malware Config

Signatures

Files

c356aa4659bdbc75dda6951fd4500e30 (6).zip
.zip

Password: infected
c356aa4659bdbc75dda6951fd4500e30
.exe windows x86

7b2b6ade7d19c019d823bd4b6b9ba8df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetUserObjectSecurity
wsprintfW
GetUserObjectSecurity
LoadStringW

shell32

CommandLineToArgvW

mfc42u

ord2756
ord922
ord535
ord925
ord5601
ord3971
ord825
ord823
ord800
ord858
ord540
ord538
ord415
ord715
ord5616
ord4124
ord1081
ord4199
ord942
ord5706
ord861
ord3658
ord1863
ord2606
ord996
ord927

msvcrt

__CxxFrameHandler
time
fclose
printf
_iob
wcscmp
_wcsnicmp
fputws
ctime
fwprintf
_wfopen
fgetws
fflush
clock
_c_exit
_exit
_XcptFilter
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ

advapi32

LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
SetFileSecurityW
GetFileSecurityW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
AdjustTokenPrivileges

kernel32

BackupRead
BackupWrite
lstrcpyW
FindNextFileW
RemoveDirectoryW
GlobalAlloc
CreateFileW
SetFileAttributesW
CreateDirectoryExW
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
FindClose
GlobalFree
GetVolumeInformationW
CompareFileTime
FormatMessageW
WideCharToMultiByte
GetVersion
lstrcmpiW
lstrcatW
ExpandEnvironmentStringsW
CopyFileExW
lstrcmpW
GetSystemTime
FileTimeToSystemTime
LocalFileTimeToFileTime
lstrlenW
GetModuleHandleW
SystemTimeToFileTime
GetCommandLineW
SetErrorMode
FindFirstChangeNotificationW
CreateWaitableTimerW
SetWaitableTimer
WaitForMultipleObjects
CloseHandle
FindCloseChangeNotification
FindNextChangeNotification
GetCurrentProcessId
OpenProcess
GetLastError
SetLastError
GetLocalTime
SetFileTime
Sleep
DeleteFileW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetFullPathNameW
GetSystemTimeAsFileTime

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ydata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

7b2b6ade7d19c019d823bd4b6b9ba8df

Headers

DLL Characteristics

File Characteristics

Imports

user32

shell32

mfc42u

msvcrt

advapi32

kernel32

Sections

.text Size: 53KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 135KB

.rsrc Size: 23KB - Virtual size: 23KB

.ydata Size: 4KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 135KB

.rsrc
Size: 23KB - Virtual size: 23KB

.ydata
Size: 4KB - Virtual size: 4KB