9034677140[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9034677140.zip
Size

499KB
MD5

1d00dc6a2d6e59eceb38c596cfa6399b
SHA1

ff30ccc2f5eeb1657222b435b3f163d9f906ed61
SHA256

73d088126c3945a8bd6b57083623a84ec1eecb7def19cb3d781667f238af5fe6
SHA512

e47e75097f77b5ac172d506f221b57d84d6ed322a290096cfdf612a0ae4f4dd6504c5ff81f1fc247c2f29eb650b7366d182005005b2cfa1203ef2dc7969d0f2b
SSDEEP

12288:ptkUssfzsSXA5fkFt7NDuIxbRliTZWP3Sj2VNSUav1l4H20f:j4Q4SXQfkFRNvb32bj2nT2l4W0f

Score

1^/10

Malware Config

Signatures

Files

9034677140.zip
.zip

Password: infected
6cd92db9ebc8a8a879d86002971b93562928eca738a2fe14228479cb6cc1fe33
.exe windows x64

Password: infected

9793ae770aedaf23741755cf9dce4784

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindVolumeClose
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
CreateFileW
WriteFile
CloseHandle
GetFileSizeEx
ReadFile
WaitForSingleObject
CreateThread
MoveFileW
TerminateProcess
OpenProcess
lstrcmpiW
QueryFullProcessImageNameW
K32EnumProcesses
HeapAlloc
HeapFree
GetProcessHeap
Sleep
FindNextVolumeW
CopyFileW
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
HeapSize
FindFirstVolumeW
lstrcmpW
GetModuleFileNameW
GetTickCount
CreateProcessA
OpenMutexW
CreateMutexW
GetLastError
GetTempPathW
GetFileAttributesW
FindNextFileW
FindFirstFileW
GetComputerNameExW
FindClose
HeapReAlloc
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
WaitForSingleObjectEx
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LocalFree
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
GetCurrentProcessId
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
RtlUnwind

user32

CharLowerW

shell32

SHChangeNotify

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoInitializeSecurity

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantInit

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
EnumServicesStatusW
EnumDependentServicesW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegCreateKeyExW

wldap32

ord72
ord41
ord26
ord14
ord135
ord206
ord224
ord27
ord145
ord88
ord191
ord13
ord140

Sections

.text
Size: 811KB - Virtual size: 810KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9793ae770aedaf23741755cf9dce4784

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

wldap32

Sections

.text Size: 811KB - Virtual size: 810KB

.rdata Size: 195KB - Virtual size: 194KB

.data Size: 43KB - Virtual size: 55KB

.pdata Size: 33KB - Virtual size: 33KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 811KB - Virtual size: 810KB

.rdata
Size: 195KB - Virtual size: 194KB

.data
Size: 43KB - Virtual size: 55KB

.pdata
Size: 33KB - Virtual size: 33KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB