1d58c7[.]rbf[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

1d58c7.rbf.zip
Size

11KB
MD5

be3f4b7f8cdece1cf4377a42b1b8e32a
SHA1

acd6fc92aceea865cf55e26dcfa9508876912165
SHA256

fa3ec250363e6b5e5a1d6c671a839ead9657e7da63bc662a632fb047c8e3077b
SHA512

c7b66d9e8f6e805fab4044cbadd8541eb8bac75a0c5da085c2c1a0df2efe4cfc05e49100a96b231908a7188a1cc95715e3785737ef05fcb6e5909c40c672dfa2
SSDEEP

192:t6oC2YQYlS/YG7bPTTDAgDpYGywhDaY8ZT5PlAtEvcg318ZXXkSkC2oeXe44efV4:t6oC2SlRG7rTTjpdFET5PCtEvcgMXIoz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1d58c7.rbf

Files

1d58c7.rbf.zip
.zip

Password: infected
1d58c7.rbf
.exe windows x86

36fcfe7dc509abba4aae5d76252b8232

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW

advapi32

QueryServiceStatus
RegOpenKeyExW
RegQueryValueExW
OpenSCManagerW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
StartServiceW
CloseServiceHandle
QueryServiceConfigW
OpenServiceW

mfc42u

ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord815
ord6211
ord2613
ord1131
ord825
ord823
ord2078
ord5261
ord4370
ord4847
ord4992
ord4704
ord2506
ord6048
ord4073
ord1767
ord5710
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord1569
ord324
ord641
ord4229
ord800
ord540
ord538
ord861
ord6191
ord4282
ord4155
ord922
ord537
ord2810
ord6195
ord6266
ord755
ord470
ord1165
ord4215
ord2576
ord3649
ord3658
ord2430
ord2858
ord1637
ord1143
ord2371
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4667
ord4401
ord3592

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
wcscmp
sprintf
memset
__CxxFrameHandler
_chkesp

kernel32

GetStartupInfoW
ExitProcess
GetModuleHandleW
CreateMutexW
lstrcpyA
GetSystemDefaultLangID
Sleep
OutputDebugStringW
LoadLibraryW
CreateThread
lstrcmpA
CloseHandle
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemDirectoryW
WideCharToMultiByte
GetProcAddress
lstrcpyW
GetLastError

user32

GetCursorPos
GetSystemMetrics
DrawIcon
AppendMenuW
SetMenuDefaultItem
GetSubMenu
LoadMenuW
SendMessageW
GetSystemMenu
IsIconic
GetClientRect
SetTimer
KillTimer
SetForegroundWindow
EnableWindow
LoadIconW
RegisterWindowMessageW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

36fcfe7dc509abba4aae5d76252b8232

Headers

File Characteristics

Imports

shell32

advapi32

mfc42u

msvcrt

kernel32

user32

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB