sample[.]zip | Triage

Resubmissions

11/05/2023, 10:22

230511-mebp5ada36 7

Sharing

Copy URL Twitter E-mail

General

Target

sample.zip
Size

83KB
MD5

5ba9f3dc960510c3ff562fa7889c781f
SHA1

3975e8e45a93634bc27147c43b6cf084b4187500
SHA256

7cc0243e95a154a7bdf9635f3b2ef028cd98804d034137d51dee2012aca5d605
SHA512

ac01dd119246f80cb0e8c36db3c491198110134c7b6b630ecaf15846a8a1c9cdefe4120bd99bbebd15240a14fb7996af355b0244db44de57d5fddfa10f4e8d68
SSDEEP

1536:IuxZ9gPu/lr5KW3Zg65UYgAe6HHbFO3Pkkk6wA9IBxXAEz+UYeI3HuIPyKHsNE2t:Iuy8Pg65O56H7FO3Pe6bwfPItPZMNRKA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample/aescrypt.exe

Files

sample.zip
.zip

Password: infected
sample/SA.DAT
sample/aescrypt.exe
.exe windows x64

Password: infected

0c99c46f83d7c6e522543b07634045ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetCommandLineW
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
FindNextFileW
FindFirstFileExW
FindClose
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
RtlUnwindEx
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
SetHandleCount
GetStdHandle
GetStartupInfoW
DeleteCriticalSection
HeapFree
FlushFileBuffers
MultiByteToWideChar
ReadFile
CloseHandle
CreateFileW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryW
HeapAlloc
HeapReAlloc
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringW
GetStringTypeW
SetEndOfFile
GetProcessHeap

advapi32

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0c99c46f83d7c6e522543b07634045ec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 28KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 28KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 1KB - Virtual size: 1KB