MDE_File_Sample_252efff7f54bd19a5c96bbce0bfaeeecadb3752f (2)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MDE_File_Sample_252efff7f54bd19a5c96bbce0bfaeeecadb3752f (2).zip
Size

1016KB
MD5

fae5497ca0d8f9660e520d9f1d02bcbf
SHA1

d4e04d69172bff3b3dbc0cfedf13c54d5a6ac07e
SHA256

bd2b1150f3423e5448aa5aa87e354c31dbb84cb3fc0369b872a1e9604a6f6123
SHA512

933e2234ec7e19571d4ada3977a7cf966f305e99243c81e794a246edf5c6843a3f531d7543c6fad1f2bf9223cc0d803f2c48c7a09f1ecfeb61873915d44261a2
SSDEEP

24576:IN/XTztjEiiynHBWzx76NCgJ2yoN/wDJtD4u5Ms:u/TZEJykGNCIK/+les

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MDE_File_Sample_252efff7f54bd19a5c96bbce0bfaeeecadb3752f/{6CEB9521-19B7-48AD-82FA-0A8ACBC51F1C}.exe

Files

MDE_File_Sample_252efff7f54bd19a5c96bbce0bfaeeecadb3752f (2).zip
.zip
MDE_File_Sample_252efff7f54bd19a5c96bbce0bfaeeecadb3752f/{6CEB9521-19B7-48AD-82FA-0A8ACBC51F1C}.exe
.exe windows x64

0e6e7a2a71494ed0e171c50470a6666b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CreateDirectoryW
GetCurrentProcess
GetUserDefaultUILanguage
GetProcAddress
GetModuleHandleW
CopyFileW
QueryFullProcessImageNameW
GetComputerNameA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetCurrentDirectoryW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
RtlUnwind
UnmapViewOfFile
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFileAttributesExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
WriteConsoleW
RtlPcToFileHeader
RtlUnwindEx
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
SetLastError
LoadLibraryA
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead

user32

EnumWindows
GetKeyboardLayout
SwitchToThisWindow
PostMessageW
GetClassNameW
FindWindowW
GetWindowTextW

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
CheckTokenMembership
FreeSid
RegSetValueExW
RegCreateKeyExW
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetKnownFolderPath

ole32

CoTaskMemFree

urlmon

ObtainUserAgentString

ws2_32

getpeername
gethostname
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
ioctlsocket
sendto

crypt32

PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptDecodeObjectEx

wldap32

ord30
ord200
ord301
ord35
ord33
ord32
ord27
ord26
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord79
ord22

bcrypt

BCryptGenerateSymmetricKey
BCryptCreateHash
BCryptGenRandom
BCryptFinishHash
BCryptDestroyKey
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptSetProperty

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e6e7a2a71494ed0e171c50470a6666b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

urlmon

ws2_32

crypt32

wldap32

bcrypt

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 265KB - Virtual size: 265KB

.data Size: 132KB - Virtual size: 140KB

.pdata Size: 63KB - Virtual size: 62KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 265KB - Virtual size: 265KB

.data
Size: 132KB - Virtual size: 140KB

.pdata
Size: 63KB - Virtual size: 62KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 6KB - Virtual size: 6KB