unknown[.]exe[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

unknown.exe.7z
Size

1.8MB
MD5

62f5f0caf24aa1494297da43c15beb72
SHA1

708de3df6ba6ccf3cec12b7e73d5d07906999f9f
SHA256

23e993edb46abf0a2f1d254a39493d41b3021a4ae7207898153241f91e3b2936
SHA512

c873e2251b7c8095d6abc5d158bb4dc9968905b4722e5bffdbb1e8bb3153dcc98ba53643babb8eeb01dddca46f30dc6fc6c5224809e6259320ed5650cd9baa48
SSDEEP

49152:TUsFIFUSn/FXB8O+tq7jnYCgfwkZZU43rc286WSP:/uUS9Xqq3YCcZvrduY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/unknown.exe.malz

Files

unknown.exe.7z
.7z

Password: infected
cosmo.jpeg
.jpg
unknown.exe.malz
.exe windows x64

Password: infected

daa1b4bb1c3c2d197c782c71a2e4aa81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fileno
_fmode
_get_osfhandle
_initterm
_isatty
_lseeki64
_onexit
_setjmp
_setmode
_wfopen
_write
abort
calloc
clearerr
exit
fclose
ferror
fflush
fgetc
fgets
fprintf
fputc
fread
free
fwrite
getenv
malloc
memchr
memcmp
memcpy
printf
setvbuf
signal
strerror
strlen
strncmp
strstr
ungetc
vfprintf
longjmp

user32

MessageBoxA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

daa1b4bb1c3c2d197c782c71a2e4aa81

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 512B - Virtual size: 336B

.rdata Size: 16KB - Virtual size: 16KB

.pdata Size: 7KB - Virtual size: 7KB

.xdata Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 87KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 552B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 260KB - Virtual size: 260KB

/31 Size: 10KB - Virtual size: 10KB

/45 Size: 14KB - Virtual size: 13KB

/57 Size: 3KB - Virtual size: 2KB

/70 Size: 2KB - Virtual size: 1KB

/81 Size: 14KB - Virtual size: 13KB

/92 Size: 1KB - Virtual size: 1KB

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 512B - Virtual size: 336B

.rdata
Size: 16KB - Virtual size: 16KB

.pdata
Size: 7KB - Virtual size: 7KB

.xdata
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 87KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 552B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 260KB - Virtual size: 260KB

/31
Size: 10KB - Virtual size: 10KB

/45
Size: 14KB - Virtual size: 13KB

/57
Size: 3KB - Virtual size: 2KB

/70
Size: 2KB - Virtual size: 1KB

/81
Size: 14KB - Virtual size: 13KB

/92
Size: 1KB - Virtual size: 1KB