f_00019e[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f_00019e.zip
Size

299KB
MD5

f8f83729c92d3f7c45f3c51113f58909
SHA1

ceb67bdc506c8395ca10b4db459e3e590cb4462e
SHA256

28003e192af4b86fabfa9093ac66273723182cbcca0e5c16b8420bcbd6a98a35
SHA512

98c1daeaa3c3ee437d9e889e45a8ca2bb366c4c09e95095f56dd62e41a7e7d7518e75d031acf012efa7c9ae88429e9e182e8bb00fa2799c85fa85f763fbe6bd6
SSDEEP

6144:u/hffqfCy+Pto+I5qm8e3U+OHargUJHu6STDZNa2nuouyw3:uFqtTCm8e3ztrFJhilUe0

Score

1^/10

Malware Config

Signatures

Files

f_00019e.zip
.zip

Password: infected
f_00019e
.exe windows x86

1518278a73eef3848aca540a65910ad8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
InterlockedCompareExchange
lstrlenA
GlobalAlloc
FreeResource
LoadLibraryW
GetCurrentProcessId
DeviceIoControl
CreateFileW
SetFilePointer
ReadFile
LockResource
WaitForSingleObject
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteFileW
InterlockedExchange
SetConsoleCtrlHandler
GetModuleFileNameA
GetStdHandle
FatalAppExitA
HeapCreate
GetCurrentThread
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
ExitProcess
RtlUnwind
CreateThread
ExitThread
TlsFree
ReleaseMutex
CloseHandle
lstrcmpiW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InitializeCriticalSection
GetLastError
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
Sleep
GetModuleFileNameW
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
GetModuleHandleW
HeapDestroy
HeapAlloc
HeapFree
DeleteAtom
FindAtomW
TlsAlloc
AddAtomW
OpenThread
GetAtomNameW
TlsSetValue
TlsGetValue
HeapReAlloc
HeapSize
GetProcessHeap
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
WriteFile
FlushFileBuffers
GetTempPathW
OpenMutexW
CreateMutexW
CreateFileA
GetProcAddress
InitializeCriticalSectionAndSpinCount
GetSystemTime
LocalFree
SystemTimeToFileTime
GetLocalTime
FormatMessageW
OutputDebugStringW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
RaiseException

user32

ReleaseCapture
PtInRect
SetPropW
GetWindowRect
ReleaseDC
GetDC
SetWindowLongW
GetWindowLongW
RemovePropW
GetPropW
CallWindowProcW
IsWindowVisible
MoveWindow
SetWindowPos
DefWindowProcW
CreateWindowExW
GetClassInfoExW
LoadCursorW
RegisterClassExW
SetCursor
SendMessageTimeoutW
FindWindowW
DispatchMessageW
TranslateMessage
CreateDialogParamW
PeekMessageW
DestroyWindow
ShowWindow
CharNextW
LoadImageW
GetSystemMetrics
GetMonitorInfoW
MonitorFromWindow
GetClientRect
PostQuitMessage
SetTimer
EndPaint
BeginPaint
KillTimer
ScreenToClient
GetCursorPos
CopyRect
SetWindowTextW
SendMessageW
IsDialogMessageW
MessageBoxW
GetActiveWindow
wsprintfW
PostMessageW
IsWindow
GetCapture
SetCapture
UnregisterClassA
InvalidateRect
GetMessageW

gdi32

SetBkColor
BitBlt
CreateCompatibleBitmap
SetViewportOrgEx
DeleteDC
GetDeviceCaps
EnumFontsW
CreateDIBSection
CreateCompatibleDC
SelectObject
GetObjectW
DeleteObject
ExtTextOutW

advapi32

RegQueryValueExA
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW
ord165

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysFreeString
VarUI4FromStr

shlwapi

PathAppendW
SHGetValueW
SHSetValueW
UrlUnescapeW
PathCombineW
StrStrIW
PathRemoveExtensionW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW

comctl32

_TrackMouseEvent

gdiplus

GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipDrawString
GdipMeasureString
GdipFree
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipDeleteFont
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawImageRect
GdipCreateBitmapFromStream
GdipDrawImageRectRectI
GdipGraphicsClear
GdipSetInterpolationMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipDrawImageRectRect
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFont
GdipCreateFromHDC
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM

wininet

HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetQueryOptionW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetSetOptionW
HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetReadFile

imm32

ImmDisableIME

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToCacheFileW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

1518278a73eef3848aca540a65910ad8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

wininet

imm32

version

urlmon

setupapi

Sections

.text Size: 415KB - Virtual size: 415KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 13KB - Virtual size: 21KB

.rsrc Size: 81KB - Virtual size: 81KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 415KB - Virtual size: 415KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 13KB - Virtual size: 21KB

.rsrc
Size: 81KB - Virtual size: 81KB

.reloc
Size: 16KB - Virtual size: 15KB