MDE_File_Sample_901d571103012cdd7aaae3622bcd65086bb334aa[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_901d571103012cdd7aaae3622bcd65086bb334aa.zip
Size

4.0MB
MD5

a37117c46d636c5fd702f2b2a481b960
SHA1

b8157e84ddd5c984f51985aac16858ed2be5fda1
SHA256

a6c6da57f79e96465fd907dab867c1b080b05b25c6442cb8696bc1bf718049df
SHA512

cab1da9115bddc50c488e7ee0840846c2c6ca1336524d361443218f1776d055069363af586be8bd2f2f8b79298e6def82b420007be8128a578ca4f861ede4ed0
SSDEEP

98304:6c0A6kgj0tgIBhg2dEL7GYJSxk5l3dIUyYmI8sk3OpYfloEw+E:6cvX3ELKY5rNIUGHseiioH

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_901d571103012cdd7aaae3622bcd65086bb334aa.zip
.zip

Password: infected
ChatGPT_0.10.3_x64_en-US.msi
.exe windows x64

Password: infected

f5d8c53bee8c6d5b2ecd4934610bc6aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
NtCancelIoFileEx
RtlLookupFunctionEntry
RtlGetNtVersionNumbers
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlCaptureContext

kernel32

CreatePipe
SetThreadStackGuarantee
AddVectoredExceptionHandler
CompareStringOrdinal
RemoveDirectoryW
CopyFileExW
FindClose
GetCommandLineW
GlobalUnlock
GlobalLock
GetFileInformationByHandle
GlobalAlloc
TryAcquireSRWLockExclusive
LoadLibraryW
EnterCriticalSection
GetProcessId
TerminateProcess
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentProcess
ReleaseMutex
GetEnvironmentVariableW
FormatMessageW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFilePointerEx
GetFileInformationByHandleEx
GetFullPathNameW
GetFinalPathNameByHandleW
FindNextFileW
CreateDirectoryW
FindFirstFileW
GetModuleHandleW
GetCurrentThreadId
AcquireSRWLockExclusive
DeleteCriticalSection
SetEvent
SetHandleInformation
ResetEvent
SetFileCompletionNotificationModes
SetEnvironmentVariableW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
IsDebuggerPresent
UnhandledExceptionFilter
WaitForMultipleObjects
GetOverlappedResult
GetExitCodeProcess
CreateEventW
CancelIo
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
DeleteFileW
MoveFileExW
SetFileInformationByHandle
SetFileAttributesW
SleepConditionVariableSRW
SetUnhandledExceptionFilter
GetLastError
IsProcessorFeaturePresent
RaiseException
HeapReAlloc
GetProcessHeap
HeapAlloc
CreateIoCompletionPort
TlsSetValue
GetSystemInfo
EncodePointer
HeapFree
SwitchToThread
GetProcAddress
GetQueuedCompletionStatusEx
Sleep
lstrlenW
GetModuleHandleA
TlsAlloc
TlsGetValue
InitializeSListHead
WakeConditionVariable
ReleaseSRWLockExclusive
LoadLibraryExW
WakeAllConditionVariable
SetFileTime
CreateHardLinkW
CloseHandle
OutputDebugStringW
OutputDebugStringA
LCIDToLocaleName
GetUserDefaultUILanguage
TlsFree
FreeLibrary
PostQueuedCompletionStatus
CreateSymbolicLinkW

secur32

ApplyControlToken
FreeContextBuffer
EncryptMessage
AcceptSecurityContext
QueryContextAttributesW
DeleteSecurityContext
InitializeSecurityContextW
FreeCredentialsHandle
DecryptMessage
AcquireCredentialsHandleA

crypt32

CertFreeCertificateContext
CertAddCertificateContextToStore
CertGetCertificateChain
CertOpenStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore

ws2_32

getsockname
WSASend
bind
connect
getaddrinfo
freeaddrinfo
WSAStartup
WSAIoctl
select
WSAGetLastError
setsockopt
getsockopt
send
recv
getpeername
ioctlsocket
shutdown
closesocket
WSACleanup
WSASocketW

advapi32

RegCloseKey
EventSetInformation
EventWriteTransfer
EventUnregister
RegGetValueW
EventRegister
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

user32

RegisterClipboardFormatW
CloseClipboard
RegisterHotKey
CheckMenuItem
SetClipboardData
MonitorFromPoint
IsWindowVisible
SetCursorPos
GetForegroundWindow
EnumDisplayMonitors
CreateMenu
CreatePopupMenu
IsProcessDPIAware
GetDC
ToUnicodeEx
GetWindowLongW
GetMessageA
DispatchMessageA
EmptyClipboard
GetClipboardData
OpenClipboard
TrackPopupMenu
CreateAcceleratorTableW
GetCursorPos
EnumChildWindows
SetMenu
SetWindowDisplayAffinity
GetMenu
AdjustWindowRectEx
DestroyAcceleratorTable
GetMonitorInfoW
PostQuitMessage
UnregisterHotKey
SetMenuItemInfoW
AppendMenuW
GetWindowPlacement
SystemParametersInfoA
RegisterTouchWindow
GetWindowRect
GetSystemMetrics
SetForegroundWindow
LoadCursorW
GetKeyboardLayout
SendInput
SetCursor
DefWindowProcW
CloseTouchInputHandle
GetWindowLongPtrW
SetWindowTextW
ScreenToClient
GetTouchInputInfo
SetCapture
ShowCursor
ClipCursor
GetClipCursor
GetActiveWindow
ClientToScreen
SetWindowLongW
SendMessageW
EnableMenuItem
GetSystemMenu
InvalidateRgn
SetWindowPos
ShowWindow
VkKeyScanW
GetKeyboardState
MapVirtualKeyExW
MonitorFromRect
TrackMouseEvent
FlashWindowEx
GetKeyState
GetAsyncKeyState
RedrawWindow
GetClientRect
DestroyWindow
CreateWindowExW
SetWindowLongPtrW
CreateIcon
IsWindow
RegisterClassW
MessageBoxW
RegisterWindowMessageA
RegisterClassExW
GetMessageW
ChangeDisplaySettingsExW
ReleaseCapture
RegisterRawInputDevices
GetRawInputData
ValidateRect
PostThreadMessageW
PeekMessageW
DestroyIcon
SetWindowPlacement
PostMessageW
MsgWaitForMultipleObjectsEx
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetAncestor
MapVirtualKeyW
GetUpdateRect
MonitorFromWindow

shell32

Shell_NotifyIconW
SHCreateItemFromParsingName
ShellExecuteW
DragFinish
DragQueryFileW
SHGetKnownFolderPath
Shell_NotifyIconGetRect

comctl32

RemoveWindowSubclass
DefSubclassProc
SetWindowSubclass

ole32

CoTaskMemAlloc
RegisterDragDrop
CoCreateInstance
OleInitialize
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemFree
RevokeDragDrop

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

uxtheme

SetWindowTheme

gdi32

GetDeviceCaps
CreateRectRgn
DeleteObject

dwmapi

DwmEnableBlurBehindWindow

oleaut32

SysFreeString
SysStringLen
GetErrorInfo
SetErrorInfo

api-ms-win-crt-math-l1-1-0

trunc
round
__setusermatherr
floor

api-ms-win-crt-string-l1-1-0

wcslen
strcpy_s
_wcsicmp
wcsncmp

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
abort
exit
_set_app_type
_seh_filter_exe
_exit
_initialize_onexit_table
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_set_new_mode
_callnewh

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f5d8c53bee8c6d5b2ecd4934610bc6aa

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

secur32

crypt32

ws2_32

advapi32

user32

shell32

comctl32

ole32

bcrypt

uxtheme

gdi32

dwmapi

oleaut32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 4.6MB - Virtual size: 4.6MB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 291KB - Virtual size: 290KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 4.6MB - Virtual size: 4.6MB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 291KB - Virtual size: 290KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 35KB - Virtual size: 34KB