8988345380[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8988345380.zip
Size

133KB
MD5

9b52cee68de6c1497a8067e6e6e833fe
SHA1

b98a1fc275b9612c313db21f082fddf098aa5ef2
SHA256

178b8935ed4151861091f911adee38c92f20c52e0bd9e4bc855b7568e5631d2c
SHA512

5dc413fa271ba7367f2178c4a4f14a14284cad77f6862e6e514e0904f2a124f56c337ec80fcf2c144f59597e0cc01b8e6a053d244372a513499e942b4c9dc26b
SSDEEP

3072:W6DN1m8iy0PtuscJ/qEklyACGJKp4bNbf0S0M8sSzAt2Y:DDrm00PcscVqEk8jKxbcyyk

Score

1^/10

Malware Config

Signatures

Files

8988345380.zip
.zip

Password: infected
036415598d7aa21ca3610f1f22d11e927ef94f69ed879c81579cfbb247b3e6ec
.dll windows x86

c049eb3e6a65623be6a61b342aa0bb15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
Sleep
lstrcpyA
MoveFileExW
GetCurrentProcessId
CreateProcessA
TerminateJobObject
lstrcmpiW
GetTickCount
GetCommandLineW
GetCurrentProcess
TerminateProcess
SetFileAttributesW
ExitProcess
lstrcmpW
SetErrorMode
ExitThread
SetUnhandledExceptionFilter
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
FindClose
TerminateThread
GetWindowsDirectoryW
GetPrivateProfileSectionNamesW
GetVersionExW
WaitForMultipleObjects
EnterCriticalSection
lstrcpynW
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
GetEnvironmentVariableA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateFileMappingA
SetEnvironmentVariableA
GetEnvironmentVariableW
GetCurrentThreadId
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
SetFilePointer
CreateJobObjectW
AssignProcessToJobObject
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateDirectoryW
lstrcmpiA
GlobalUnlock
GetTempFileNameW
lstrcpyW
CopyFileW
CreateProcessW
GetFileSize
LocalFree
GlobalLock
GetProcAddress
CreateThread
CloseHandle
DeleteFileW
GlobalAlloc
lstrcatW
LoadLibraryA
GetLastError
FormatMessageW
GetModuleHandleA
lstrcatA
GetFileAttributesW
CreateFileW
LocalAlloc
WaitForSingleObject
lstrlenA
ResumeThread
VirtualAlloc
WriteFile
lstrlenW
VirtualFree
MoveFileW
ReadFile

user32

GetUserObjectInformationW
GetThreadDesktop
MonitorFromWindow
ToAscii
SetForegroundWindow
PtInRect
OpenDesktopW
MenuItemFromPoint
HiliteMenuItem
ActivateKeyboardLayout
PrintWindow
BringWindowToTop
GetTopWindow
CreateDesktopW
SetWindowLongA
VkKeyScanExA
GetKeyboardState
GetMenuItemCount
SetActiveWindow
SetWindowPos
GetDC
GetMenu
GetWindow
IsClipboardFormatAvailable
GetProcessWindowStation
GetKeyboardLayoutList
PostMessageW
GetWindowRect
SendMessageTimeoutW
SendMessageTimeoutA
ScreenToClient
WindowFromPoint
GetWindowPlacement
IsWindow
CloseDesktop
GetKeyboardLayout
MoveWindow
SetFocus
LoadKeyboardLayoutA
SystemParametersInfoA
GetDesktopWindow
GetParent
IsWindowVisible
SetThreadDesktop
GetWindowLongA
GetWindowTextW
OemToCharA
GetClassNameW
CharLowerA
GetWindowThreadProcessId
FindWindowExW
PostMessageA
FindWindowW
EnumDesktopWindows
OpenClipboard
wvsprintfW
CloseClipboard
EmptyClipboard
wvsprintfA
GetClipboardData
SetClipboardData
wsprintfA

gdi32

DeleteDC
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateDCA
CreatePen
Rectangle
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetDIBits

advapi32

RegSetValueA
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExW
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegQueryValueA
RegEnumKeyA
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteW
SHGetFolderPathW

Exports

Exports

DllInstall

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2450028c0b6f531f5e90716a33d72617ebf22e35f02a78188e326b33fc206be4
.dll regsvr32 windows x86

504e07031691ec0854e7084c0a3240a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsA

kernel32

MoveFileExW
ExitProcess
lstrcpyW
WriteFile
GetTempPathW
lstrlenA
CreateFileW
GetFileAttributesW
lstrcatA
GetLastError
MoveFileExA
DeleteFileA
DeleteFileW
CloseHandle
Sleep
SetFileAttributesA
GetTempFileNameW
VirtualFree
VirtualAlloc
SetErrorMode
lstrcpyA
lstrcpynA
VirtualProtect
SetFileAttributesW
SetLastError
GetProcessHeap
FreeLibrary
IsBadReadPtr
GetModuleFileNameA
GetCurrentProcess
CreateProcessW
GetModuleFileNameW
lstrlenW
LocalFree
lstrcatW
GetProcAddress
LoadLibraryA
lstrcmpA
LocalAlloc
CreateThread
HeapFree

advapi32

RegSetValueExA
RegDeleteValueA
GetTokenInformation
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExW
RegQueryValueExA
RegCloseKey
RegDeleteValueW

ole32

CoUninitialize

Exports

Exports

DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c049eb3e6a65623be6a61b342aa0bb15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 5KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

504e07031691ec0854e7084c0a3240a7

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 101KB - Virtual size: 101KB

.data Size: - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 536B

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 5KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 101KB - Virtual size: 101KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 536B