8cc84c910910535990b7ec98b521f7bb84774a78fa488a27dacff5590a7322e3[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8cc84c910910535990b7ec98b521f7bb84774a78fa488a27dacff5590a7322e3.zip
Size

115KB
MD5

fab71b343bcfde448abab93904847ee2
SHA1

6635fbf2fc53b00b8d1289400c75579962a267db
SHA256

29375a5dca90281d1c512e06790ff42084bfa157fdc5f6ddbc52feb07426c517
SHA512

7fbc4293dd1f549c3109e13e1eadeccaa8dd59546d75042a7b3d2e2a95e882986db11c252e9db27030eeed314d25e5de5757d109a4c9af7d61bb004747d717aa
SSDEEP

3072:dzGIbZKBxl8nDgGlVRx1EbgmJV/iFpcWgzv0EjdXJEbMb/+9eyVf7gi:dz4YNT1EBJV/QaZbjFJcc/CeyX

Score

1^/10

Malware Config

Signatures

Files

8cc84c910910535990b7ec98b521f7bb84774a78fa488a27dacff5590a7322e3.zip
.zip

Password: infected
8cc84c910910535990b7ec98b521f7bb84774a78fa488a27dacff5590a7322e3.exe
.exe windows x86

Password: infected

df8a796efae3afbd108a0518d0602ca7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CryptQueryObject
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptDecodeObjectEx
CryptBinaryToStringA
CryptStringToBinaryA
CertGetNameStringW

wininet

InternetCrackUrlA
InternetReadFile
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetConnectA

shlwapi

StrSpnA
StrPBrkA
PathCombineW
PathSkipRootW
PathRemoveExtensionW
StrCmpIW
StrStrIW
StrToIntA
StrCmpNW
PathMatchSpecW
StrChrW
StrToInt64ExA
PathUnquoteSpacesW
StrCmpNIA
PathFindFileNameW
StrStrIA
StrChrA
StrChrIA
StrCpyNW
StrCmpNIW
StrChrIW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

imagehlp

CheckSumMappedFile

ws2_32

sendto
inet_ntoa
inet_addr
htonl
shutdown
closesocket
gethostbyname
WSAStartup
socket
htons

kernel32

GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
SetConsoleTitleW
MultiByteToWideChar
CreateThread
WideCharToMultiByte
MoveFileW
IsBadWritePtr
LocalFree
TlsAlloc
CreateDirectoryW
SetErrorMode
GetSystemWindowsDirectoryW
GetModuleHandleW
OpenMutexW
GetVolumeInformationW
lstrcatW
GetProcAddress
GetDateFormatW
SetFilePointerEx
WaitForSingleObject
SetEvent
OutputDebugStringW
SetFileTime
InitializeCriticalSection
LeaveCriticalSection
GetTimeFormatW
GetFileAttributesW
FileTimeToSystemTime
GetFileSizeEx
EnterCriticalSection
CreateEventW
GetFileTime
DeleteCriticalSection
CloseHandle
FileTimeToLocalFileTime
lstrcpyW
GetStdHandle
ExitProcess
GetCurrentThreadId
GetTempFileNameW
MapViewOfFile
WriteConsoleW
FindResourceW
FreeLibrary
LoadResource
CreateProcessW
LoadLibraryExW
LoadLibraryW
CopyFileW
SizeofResource
ReadProcessMemory
lstrcpynW
CreateProcessA
TerminateProcess
FlushInstructionCache
GetTempPathW
VirtualAllocEx
CreateFileMappingW
FormatMessageW
OpenEventW
DeleteFileW
WriteProcessMemory
ResumeThread
FindFirstFileW
GetModuleFileNameW
FindClose
SetFileAttributesW
GetCommandLineW
GetFileAttributesA
CreateMutexW
SearchPathW
GetCurrentProcess
IsBadStringPtrW
GetCurrentThread
CreateToolhelp32Snapshot
SetThreadPriority
VirtualProtect
IsBadReadPtr
OutputDebugStringA
SetProcessShutdownParameters
GetModuleHandleA
Process32NextW
GetSystemInfo
lstrlenA
lstrcpyA
GetEnvironmentVariableW
IsBadCodePtr
IsBadStringPtrA
GetVersionExW
GetTickCount
WaitForMultipleObjects
SetConsoleCursorPosition
AllocConsole
ExpandEnvironmentStringsW
GetWindowsDirectoryW
MulDiv
lstrcmpiW
SetCurrentDirectoryW
lstrcmpiA
GetLastError
FlushFileBuffers
lstrlenW
CreateFileW
UnmapViewOfFile
GetNativeSystemInfo
GetDriveTypeW
GetLogicalDrives
VirtualFree
VirtualAlloc
QueryDosDeviceW
FindNextFileW
GetCurrentProcessId
HeapReAlloc
HeapAlloc
HeapCreate
HeapValidate
SetLastError
GetProcessHeaps
HeapSetInformation
ReadFile
GetSystemWow64DirectoryW
Sleep
lstrcpynA
GetComputerNameA
Process32FirstW
GetSystemDirectoryW
WriteFile
RtlUnwind
GetProcessHeap
GetFileSize
HeapFree
GetHandleInformation
MoveFileExW
SetFilePointer
LockResource
OpenProcess
SetEndOfFile

advapi32

LookupPrivilegeValueW
SetKernelObjectSecurity
CreateWellKnownSid
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
DuplicateToken
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegFlushKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegOpenKeyW
RegCreateKeyExW
AdjustTokenPrivileges
CryptGetKeyParam
CryptAcquireContextW
CryptDestroyKey
GetLengthSid
RegEnumKeyW
ConvertSidToStringSidW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
SetEntriesInAclW
SetNamedSecurityInfoW
InitiateSystemShutdownExW
CryptGenRandom
CryptReleaseContext
GetUserNameW

netapi32

NetUserEnum
NetUserSetInfo
NetUserGetInfo
NetApiBufferFree

user32

DefWindowProcW
GetSystemMetrics
DispatchMessageW
GetForegroundWindow
RegisterClassW
CreateWindowExW
PeekMessageW
TranslateMessage
wsprintfW
wsprintfA
CharLowerBuffA
ExitWindowsEx
GetSystemMenu
DeleteMenu
FindWindowW
GetKeyboardLayoutList
EnableMenuItem
ReleaseDC
SystemParametersInfoW
GetDC
DrawTextA
FillRect
GetLastInputInfo
UnregisterClassW
RegisterClassExW

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
SHChangeNotify
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoInitialize

ntdll

memmove
ZwOpenProcess
isspace
ZwClose
ZwQuerySystemInformation
_chkstk
ZwOpenDirectoryObject
_allmul
_aullshr
_alldiv
ZwQueryInformationProcess
RtlDosPathNameToNtPathName_U
NtDeleteFile
RtlFreeUnicodeString
ZwOpenSection
memset
_aulldvrm
memcpy
NtQueryVirtualMemory

oleaut32

SysFreeString
SysAllocString

gdi32

SetTextColor
DeleteDC
GetDeviceCaps
GetDIBits
SetBkColor
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
GetStockObject

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

df8a796efae3afbd108a0518d0602ca7

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

wininet

shlwapi

version

mpr

imagehlp

ws2_32

kernel32

advapi32

netapi32

user32

shell32

ole32

ntdll

oleaut32

gdi32

Sections

.text Size: 85KB - Virtual size: 85KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 14KB

.cdata Size: 100KB - Virtual size: 100KB

.CRT Size: 512B - Virtual size: 4B

.text
Size: 85KB - Virtual size: 85KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 14KB

.cdata
Size: 100KB - Virtual size: 100KB

.CRT
Size: 512B - Virtual size: 4B