K7UI[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

K7UI.zip
Size

55KB
MD5

c332cabc9579f2cbeac0cbd58359481a
SHA1

c4fec48c235ce0e18f56b930e94ad3a18efe3fd4
SHA256

958917246febec537b25e83a36a5c7ab7c78b3213e2ef7303f9ec833d085cfaa
SHA512

65882b2e73c83fa3a8fd529a7c4a5ac6c837716d426eff8a3a99176161ad37ffce862f3b2d8968a9e8fd3d8be9efb8f05406c2324191fe0b7cc710c5049b1ae2
SSDEEP

768:3bi8Z9+TdHrNvCgwujZKAwTzlGzlmmvD9IP8nRjXbZb9Ew4HokW/k7zsrFnc6jvq:rdwdLtCgwQYDBMlDnRjX1xmokd8Vc0vq

Score

1^/10

Malware Config

Signatures

Files

K7UI.zip
.zip

Password: infected
3b195a8aa292fdc61d76fa0aa7634d2eb922b787c48e9c4909765d6c4a25aea0
.dll windows x86

1accd2015f22b5769d66ef02d52710bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileW
DecodePointer
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileA
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
RtlUnwind
SetEndOfFile
SetErrorMode
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcatA

Exports

Exports

Compa0reStringEx
DeleteCritical1Section
F3reeEnvironmentStringsW
Find2NextFileA
GetMenuStr4ingW
Inte5rlockedFlushSList
M6ultiByteToWideChar
PathCom7pactPathExW
S9leep
SetSt8dHandle

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

1accd2015f22b5769d66ef02d52710bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 424B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 424B

.reloc
Size: 4KB - Virtual size: 4KB