d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77.zip
Size

172KB
MD5

0620b8768211e176f7ec3c5c956b9158
SHA1

2181f1282e22e0a577f9cb10e532983c6051f34e
SHA256

9821c69b65ad19be7bc96581caa4ae5f17c3f639f6b8d523adb90790b03c8e61
SHA512

675c88c27eb3240b06c6fc9049fcd6f16b673a3553e79b01334a84eee55ed2ef9ca6c854788fd7d4fd041776ec306c28c30eb72f8dfd9ba2ddc96061a9ff8a2f
SSDEEP

3072:XZiy01NZPtBr6d5kuiqA/qBpc99hM6AQzV7j8S9sfDKa937TePHUOnZo4fRdEnjW:/0Z+5kJqIq497vrV7YesfDj7TYzC6Rsa

Score

1^/10

Malware Config

Signatures

Files

d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77.zip
.zip

Password: infected
d66304251f3407d1840065b40662280acc909c3972fb93f99fa07a47c3221b77.dll
.dll windows x86

Password: infected

691e0e5bb01c2ba486b5e69e614042cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetViewportOrgEx
SetWindowOrgEx

pdh

PdhAddCounterW

advapi32

RegCloseKey
CryptContextAddRef
CryptGenKey
CreateRestrictedToken
CryptAcquireContextW

shlwapi

AssocGetPerceivedType

ws2_32

WSACleanup
inet_addr

ole32

CoCreateInstanceEx
CoGetObjectContext
StringFromGUID2

ntdsapi

DsGetDomainControllerInfoW

msvcrt

wcscoll

imm32

ImmGetCandidateListW

setupapi

SetupDiOpenDeviceInterfaceW

winmm

waveOutGetPitch

rpcrt4

NdrGetUserMarshalInfo
RpcMgmtSetCancelTimeout

wininet

InternetReadFile

user32

DefMDIChildProcW
IsWinEventHookInstalled
BlockInput
FillRect
GetWindowContextHelpId
TranslateMessage
GetWindowTextA
GetClassNameA

esent

JetInit

iphlpapi

GetIpAddrTable

kernel32

VirtualAllocEx
InitAtomTable
GetProcessVersion
DeleteTimerQueue
CreateFileW
CloseHandle
GetModuleFileNameW

lz32

LZCopy

Exports

Exports

Mbooserntyerdwq

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 420KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

691e0e5bb01c2ba486b5e69e614042cf

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

pdh

advapi32

shlwapi

ws2_32

ole32

ntdsapi

msvcrt

imm32

setupapi

winmm

rpcrt4

wininet

user32

esent

iphlpapi

kernel32

lz32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 420KB - Virtual size: 418KB

.data Size: 24KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 420KB - Virtual size: 418KB

.data
Size: 24KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 4KB