Aramaware[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Aramaware.zip
Size

179KB
MD5

d46345e6a112048ce7fb0cc1be021119
SHA1

86744fb58f947c499650abd9867956ac77dcb333
SHA256

fe4252a3a0c952a7bbce8bd9f20e13fbfae6e694989b117947dacc609505a0b6
SHA512

249c8ab3adc3cecfcd4d569868e13904a014fb035ba8c24785d17769639a2b938ec8d271373f8c9718f1427def37d0615eb4313aed35127c4abad66fea132203
SSDEEP

3072:GLbMP2OQnsmgzcoQicb0US51S5JZLS8GXHpgYyRX8AGTi0kndHJiz0d:GLUJcgz/cb4wvOaYOsAycHd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Aramaware/aramaware.exe

Files

Aramaware.zip
.zip

Password: infected
Aramaware/README.txt
Aramaware/aramaware.exe
.exe windows x86

Password: infected

45ac34840fc7ebf704dd2a774a15974e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
CreateBitmap
CreateCompatibleDC
CreatePen
CreateSolidBrush
DeleteObject
GetBitmapBits
LineTo
ScaleWindowExtEx
SelectObject
SetBitmapBits
SetLayout

kernel32

AddVectoredExceptionHandler
Beep
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteVolumeMountPointA
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
OpenProcess
OutputDebugStringA
Process32First
Process32Next
QueryPerformanceCounter
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteFile

msvcrt

__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_getpid
_initterm
_iob
_onexit
_setjmp3
_strdup
_ultoa
_write
abort
calloc
exit
fopen
fprintf
fputc
fputs
free
fwrite
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
rand
realloc
signal
sprintf
srand
strcmp
strlen
strncmp
strtoul
system
time
vfprintf

user32

GetDC
GetForegroundWindow
GetSystemMetrics
InvalidateRect
MessageBoxA
SetWindowTextA

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

45ac34840fc7ebf704dd2a774a15974e

Headers

File Characteristics

Imports

gdi32

kernel32

msvcrt

user32

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 512B - Virtual size: 148B

.rdata Size: 14KB - Virtual size: 13KB

/4 Size: 44KB - Virtual size: 43KB

.bss Size: - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

/14 Size: 512B - Virtual size: 208B

/29 Size: 94KB - Virtual size: 94KB

/41 Size: 6KB - Virtual size: 5KB

/55 Size: 21KB - Virtual size: 20KB

/67 Size: 512B - Virtual size: 56B

/80 Size: 1024B - Virtual size: 714B

/91 Size: 40KB - Virtual size: 39KB

/102 Size: 4KB - Virtual size: 4KB

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 512B - Virtual size: 148B

.rdata
Size: 14KB - Virtual size: 13KB

/4
Size: 44KB - Virtual size: 43KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

/14
Size: 512B - Virtual size: 208B

/29
Size: 94KB - Virtual size: 94KB

/41
Size: 6KB - Virtual size: 5KB

/55
Size: 21KB - Virtual size: 20KB

/67
Size: 512B - Virtual size: 56B

/80
Size: 1024B - Virtual size: 714B

/91
Size: 40KB - Virtual size: 39KB

/102
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 29KB - Virtual size: 29KB