9789398603[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

9789398603.zip
Size

759KB
MD5

b17b73032fce4b0906a93d3576c50db4
SHA1

0295ab740cb36da1f71b77c1a4a82fb578dd9754
SHA256

5d5ce34fa782a0de0d655340e24528ef03e4a07c1208e549cf4eb6addd75502f
SHA512

81ad14ca4bfd9a23dab04669ad638c949e611c2a4a735f65e8879e3b67df35910e12723fd49f8d801da3c389a1d9df75fce2a5544c9b3eebf9521dfd8bc1b588
SSDEEP

12288:beDRgeiqbHcNYVqYun7KlrRVFyhahVzJ7fg+wiU4cIY2rxODnGIpLklirAxkJTzC:b0p/8NYIqjSaXagU4cI/ODnJLwGVJH9M

Score

1^/10

Malware Config

Signatures

Files

9789398603.zip
.zip

Password: infected
df5b004be71717362e6b1ad22072f9ee4113b95b5d78c496a90857977a9fb415
.exe windows x86

Password: infected

0342305287526630b0692bf1d3350409

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
GetProcAddress
ExitProcess
FreeLibrary
GetEnvironmentStrings
SleepEx
GetTickCount
VirtualAlloc
GetCommandLineA
GetTickCount64
CreateDirectoryA
GetModuleFileNameA
FindFirstFileW
SetHandleCount
VirtualProtect
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetStdHandle
WriteConsoleA
DeviceIoControl
GetConsoleCP
LeaveCriticalSection
lstrlenA
LocalAlloc
CreateFileW
GetFileAttributesW
GetCurrentThreadId
lstrcmpA
GetSystemDirectoryW
GetCurrentDirectoryA
GetModuleHandleA
SetFileAttributesW
GetFileInformationByHandle
LocalFileTimeToFileTime
GetFileAttributesA
FindClose
GetCurrentThread
LoadLibraryA
TlsAlloc
FindResourceExW
GetWindowsDirectoryA
LoadResource
FindResourceW
SetStdHandle
SystemTimeToFileTime
GetModuleHandleW
TlsGetValue
TlsFree
QueryPerformanceCounter
SetUnhandledExceptionFilter
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetProcessHeap
DecodePointer
LCMapStringW
FindNextFileA
LoadLibraryExA
CreateFileA
FindFirstFileA
FreeEnvironmentStringsW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsSetValue
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
WriteFile
HeapAlloc
HeapFree
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW

user32

GetFocus
GetCaretPos
MessageBoxW
GetClipboardOwner
GetOpenClipboardWindow
GetActiveWindow
GetInputState
MessageBoxA
GetMessageTime
SetWindowsHookExW
GetDesktopWindow
GetProcessWindowStation
GetCursorPos
CloseWindow
DestroyWindow
SendMessageTimeoutA
DefWindowProcA
CreateDialogParamA
PostQuitMessage
FindWindowA
GetClipboardViewer

advapi32

RegCloseKey
RegOpenKeyA
RegEnumKeyA

shlwapi

PathAppendA
PathFileExistsW

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 681KB - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0342305287526630b0692bf1d3350409

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 681KB - Virtual size: 683KB

.rsrc Size: 123KB - Virtual size: 123KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 681KB - Virtual size: 683KB

.rsrc
Size: 123KB - Virtual size: 123KB

.reloc
Size: 6KB - Virtual size: 6KB