MDE_File_Sample_7b5774ed787e9f4fbe9c7e56f75ea29a540f7eae[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MDE_File_Sample_7b5774ed787e9f4fbe9c7e56f75ea29a540f7eae.zip
Size

71KB
MD5

9742d9c38d7609153707ae4b99b2bacf
SHA1

43047efe9dcb06a8c12ea6f2a0297b282db73e99
SHA256

6b2795d2de3ae24536182590ebf94a47523f346761cfd871c16dd9af8472b0ce
SHA512

b34a0b06094a3e40b0fcf41c4d98fe11f47becf3a366aa6b6ee390c45c037c3a69582c6e2125d0723af7e629f4925840bc12b1b7df3172793c730fe791b1f8eb
SSDEEP

1536:vupyyv83bSMg6a5OdaDtCTK1XXG6qKrGnLcm4FD50uWO41WYIM1zJE:vupLv839g62OdaDgTkn4LTEDh41WYbzy

Score

1^/10

Malware Config

Signatures

Files

MDE_File_Sample_7b5774ed787e9f4fbe9c7e56f75ea29a540f7eae.zip
.zip

Password: infected
besten.exe
.exe windows x86

Password: infected

37b9ea2a982f6b8d1218546697f12ba2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncmp
_exit
_vsnprintf
_XcptFilter
fprintf
printf
__getmainargs
_initterm
__p__fmode
__setusermatherr
__set_app_type
free
strcpy
memcpy
_acmdln
fflush
exit
calloc
_except_handler3
strcmp
__p__commode
_adjust_fdiv

kernel32

TerminateProcess
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
CreateProcessW
VirtualProtectEx
SystemTimeToFileTime
LoadLibraryExW
GetTimeZoneInformation

advapi32

FreeSid
CheckTokenMembership
RegQueryValueExW
OpenSCManagerA
GetSecurityDescriptorDacl
RevertToSelf

gdi32

CreateICW
GetMapMode
EndDoc
CreateDCW
Chord
GetMetaFileBitsEx
SetStretchBltMode
UnrealizeObject

oleaut32

SafeArrayUnaccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayRedim
VariantInit
VariantCopyInd

ole32

CoLoadLibrary
OleIsCurrentClipboard
CoFreeUnusedLibraries
OleUninitialize
ProgIDFromCLSID

user32

GetLastActivePopup
EnableMenuItem
MapWindowPoints
IsRectEmpty
SetActiveWindow
SetWindowLongA

shell32

ExtractIconA
SHGetDesktopFolder
ShellExecuteExA
SHCreateDirectoryExW

comctl32

ImageList_DragLeave
ImageList_Remove

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

37b9ea2a982f6b8d1218546697f12ba2

Headers

File Characteristics

Imports

msvcrt

kernel32

advapi32

gdi32

oleaut32

ole32

user32

shell32

comctl32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 40KB - Virtual size: 63KB

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 40KB - Virtual size: 63KB

.rsrc
Size: 60KB - Virtual size: 59KB