442420af4fc55164f5390ec68847bba4ae81d74534727975f47b7dd9d6dbdbe7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

442420af4fc55164f5390ec68847bba4ae81d74534727975f47b7dd9d6dbdbe7.zip
Size

339KB
MD5

318400472987ac3388dea051e040c7b2
SHA1

e426e90eba8c12c08ff9d23ec0973937c21bc0c0
SHA256

9fdda87b30eeb4f252c539a9b4f28f4ee65c3e57af5b9f56b2d129941f9501ea
SHA512

90e643655f641ba0b8e73dc81e3786b2d6df8e994a609d1c0c5f90f321b72e8d76ea36f1bf156ad3dc4f17d95f7c02951a28db2029d8bee6822715cde7a6f9a3
SSDEEP

6144:SJMYzUHKIzGnTiXs6VBg5FurFOa7QJpe+WEU+dBWl7nZcMvmvxNzEJK:SJXCCnGXxbg5sxOan+LunZvubkK

Score

1^/10

Malware Config

Signatures

Files

442420af4fc55164f5390ec68847bba4ae81d74534727975f47b7dd9d6dbdbe7.zip
.zip

Password: infected
442420af4fc55164f5390ec68847bba4ae81d74534727975f47b7dd9d6dbdbe7.dll
.dll windows x86

Password: infected

001b26f64621bf924e8e5fcf57e6ac98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptDestroyKey
CryptReleaseContext
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueA
RegEnumKeyExA
RegDeleteTreeA
RegDeleteValueA
RegDeleteKeyExW
RegDeleteKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegLoadAppKeyW
RegDeleteTreeW
RegEnumValueW
CryptAcquireContextW
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureW
EventProviderEnabled
EventWrite
EventRegister
EventUnregister
CryptDestroyHash
RegDeleteKeyA
RegDeleteKeyValueW
RegDeleteKeyValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
RegEnumKeyW
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegGetKeySecurity
RegSaveKeyW
RegQueryInfoKeyA

kernel32

CreateFileA
GetACP
IsValidCodePage
GetFileSize
FlushFileBuffers
ReleaseMutex
CreateMutexW
lstrlenW
ReleaseSemaphore
CreateSemaphoreW
CopyFileW
GetTempFileNameW
GetTempPathW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
FindFirstFileExW
GetFileAttributesExW
FileTimeToSystemTime
AddAtomW
DeleteAtom
SetLastError
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
FlushViewOfFile
GetCurrentThread
OpenEventW
LocalFree
SetFilePointer
DeleteFileW
GetModuleHandleA
HeapLock
HeapUnlock
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
MapViewOfFile
CreateFileMappingW
GlobalFree
UnmapViewOfFile
GlobalUnlock
GlobalLock
EncodePointer
SetThreadStackGuarantee
VirtualQueryEx
WerRegisterFile
OpenProcess
WaitForSingleObject
CreateThread
ResumeThread
SetThreadPriority
GetSystemInfo
DuplicateHandle
SetEvent
ResetEvent
CreateEventW
OpenMutexW
GetUserDefaultUILanguage
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
CompareFileTime
CreateProcessW
GetFileAttributesW
SystemTimeToFileTime
GetSystemTime
Sleep
lstrlenA
WideCharToMultiByte
GetStdHandle
GetTickCount
LoadLibraryW
WriteFile
ReadFile
CreateFileW
CloseHandle
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CompareStringA
InitializeCriticalSection
MulDiv
CompareStringW
GetPrivateProfileStringW
VerSetConditionMask
GetSystemDefaultUILanguage
GetSystemPreferredUILanguages
MoveFileW
SwitchToThread
VerifyVersionInfoW
CreateDirectoryW
GlobalAlloc
GetModuleHandleExW
FindResourceExW
DecodePointer
GetCommandLineW
LoadLibraryExW
RaiseException
lstrcmpiW
FreeLibrary
GetVersionExA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FindResourceW
LoadResource
LockResource
SizeofResource
SetEnvironmentVariableW
GetEnvironmentVariableW
SetUnhandledExceptionFilter
SetDllDirectoryW
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindAtomW
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
SuspendThread

gdi32

GetDeviceCaps
CreateCompatibleDC
SelectObject
DeleteObject
GetObjectW
DeleteDC

crypt32

CryptUnprotectData

user32

LoadStringW
LoadImageW
GetSystemMetrics
SystemParametersInfoA
CharNextW
UnregisterClassW
MessageBoxW
SetForegroundWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
LoadIconW
DestroyWindow
RegisterClassW
CreateWindowExW
ShowWindow
IsWindowVisible
KillTimer
SetTimer
GetMessageTime
UpdateLayeredWindow
DefWindowProcW
GetDC
ReleaseDC
LoadStringW
LoadImageW
GetSystemMetrics
SystemParametersInfoA
CharNextW
UnregisterClassW
MessageBoxW
SetForegroundWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
LoadIconW
DestroyWindow
RegisterClassW
CreateWindowExW
ShowWindow
IsWindowVisible
KillTimer
SetTimer
GetMessageTime
UpdateLayeredWindow
DefWindowProcW
GetDC
ReleaseDC

shell32

SHCreateDirectoryExW
SHGetFileInfoW
SHGetFolderPathW
SHFileOperationW

ole32

CLSIDFromString
CoInitialize
CoCreateGuid
CoGetCurrentLogicalThreadId
CoDisconnectObject
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemFree
StringFromCLSID
IIDFromString
CoUninitialize
CoInitializeEx

shlwapi

StrCmpIW
StrToInt64ExW
PathMatchSpecW
StrToIntExW
PathIsRelativeW
SHCreateStreamOnFileEx
PathIsFileSpecW
SHDeleteKeyW
PathAddBackslashW
PathRemoveFileSpecW
PathCombineW
PathRemoveBackslashW
PathFileExistsW
PathCanonicalizeW
PathAppendW
PathFindFileNameW
PathRemoveBlanksW
PathFindExtensionW
PathIsDirectoryW
PathStripPathW
AssocQueryStringW
PathRemoveExtensionW
PathRenameExtensionW
StrStrIW

mscoree

StrongNameErrorInfo
StrongNameFreeBuffer
StrongNameSignatureVerificationEx
StrongNameTokenFromAssemblyEx

gdiplus

GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipDrawImageI
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipGraphicsClear
GdipCreateBitmapFromStream

Exports

Exports

Kemove
Ketup
Ktart
KtartWithCommandLine
KIsAssertEtwEnabled@0
KSetOnAssertCallback@4
KWriteAssertEtwEventA@24
KWriteAssertEtwEventW@24
KWriteEtwEventForZwAllocateVirtualMemory@12
N115

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

001b26f64621bf924e8e5fcf57e6ac98

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

crypt32

user32

shell32

ole32

shlwapi

mscoree

gdiplus

Exports

Exports

Sections

.text Size: 366KB - Virtual size: 365KB

.data Size: 2KB - Virtual size: 10KB

.idata Size: 14KB - Virtual size: 13KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 172KB - Virtual size: 169KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 366KB - Virtual size: 365KB

.data
Size: 2KB - Virtual size: 10KB

.idata
Size: 14KB - Virtual size: 13KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 172KB - Virtual size: 169KB

.reloc
Size: 19KB - Virtual size: 19KB