9794129032[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

9794129032.zip
Size

365KB
MD5

4a8f375d8bf93cf2fbb56a4d09570d21
SHA1

be0e16494d846aa4a040eeb341ff2fe037f33d11
SHA256

33f8b23ae20824b1d00bb9acd46674d465ba5653bcbb9a38480cedece198cf34
SHA512

054a63844262aaf9ace500af2381f1bf560925c3bee84abd801112c2c2042ddcbb968153bf9dcede0a13842c32a07d907827eeb2b2f69a68b49c78422899f832
SSDEEP

6144:2sxpIh0P+Sf6pLmaQRwpS0Gaa2lY6RAh9F7lL1OWUY3i+in6et7vIP3A/:2280P+Sf6pLFQRwpGtDpYWU9+iePQ

Score

1^/10

Malware Config

Signatures

Files

9794129032.zip
.zip

Password: infected
7c621c2c04c3cf366da08a0d46dab294febe2ea2a816c73c6538d909b0aaf39e
.dll windows x86

b6a88fb31012019611eb316fe8d06b62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
GetModuleFileNameW
CreateDirectoryW
MultiByteToWideChar
CreateEventW
WaitForSingleObject
SetEvent
CloseHandle
DisconnectNamedPipe
CancelIo
GetOverlappedResult
WaitForMultipleObjects
ReadFile
ResetEvent
WriteFile
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
CreateFileW
CreateThread
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
GetTickCount
GetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetTempPathW
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateFileA
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleFileNameA
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
ExitProcess
Sleep
GetModuleHandleW
GetProcessHeap
SetFilePointer
GetFileType
HeapAlloc
HeapFree
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
SetEndOfFile

oleaut32

SysAllocString
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
VariantInit
SysFreeString

msi

ord121
ord118
ord125
ord167
ord119
ord171
ord49
ord32
ord159
ord160
ord163
ord162
ord166
ord26
ord165
ord34
ord221
ord47
ord51
ord116
ord58
ord62
ord63
ord48
ord64
ord76
ord78
ord80
ord114
ord120
ord123
ord133
ord135
ord207
ord139
ord140
ord143
ord147
ord150
ord142
ord115
ord17
ord74
ord103
ord8
ord54
ord145

shlwapi

PathFileExistsW

Exports

Exports

AfterInstall
AfterUninstall
BeforeInstall
VerifyConfigDat
VerifyPassword
zzzEmbeddedUIHandler
zzzInitializeEmbeddedUI
zzzShutdownEmbeddedUI
zzzzInvokeManagedCustomActionOutOfProcW

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b6a88fb31012019611eb316fe8d06b62

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

msi

shlwapi

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 148KB

.data Size: 4KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 149KB - Virtual size: 148KB

.data
Size: 4KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB