6eafd7594a930ea84d7ef02f33dbf5d3071ee8c258e3efa93529ba18ca82e29c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

6eafd7594a930ea84d7ef02f33dbf5d3071ee8c258e3efa93529ba18ca82e29c.zip
Size

162KB
MD5

605492268d16ffd2089a37df4fa2765f
SHA1

4cafd24830ac174a3bd49c26b77886d4588c110f
SHA256

1facb0c1a928030a3840d0be31a11c0454fd58617d0a507d68573cfc8e19a914
SHA512

dfc9eb2f445316c62541be7a3e8c70672fe733f4aac3684119f7ab727aaba8cbf19b50c815ef30f40e5882768b02ff8c46cb458fb01c7058f3c5aa6beca07476
SSDEEP

3072:WpUH0hoanNfP7K/lXv1aVsPuJ+Kaq7woY7cem:Wc0aanNHmtGNaqXYO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C/ProgramData/Sentinel/AFUCache/6eafd7594a930ea84d7ef02f33dbf5d3071ee8c258e3efa93529ba18ca82e29c

Files

6eafd7594a930ea84d7ef02f33dbf5d3071ee8c258e3efa93529ba18ca82e29c.zip
.zip

Password: S1BinaryVault
C/ProgramData/Sentinel/AFUCache/6eafd7594a930ea84d7ef02f33dbf5d3071ee8c258e3efa93529ba18ca82e29c
.exe windows x86

Password: S1BinaryVault

885aeb60c3202e4dc3fd608c710bd8d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow
SetFocus
SetCapture
SendInput
SetForegroundWindow
DefWindowProcW
EndPaint
BeginPaint
GetUpdateRect
RegisterClassW
ClientToScreen
GetWindowRect
GetDesktopWindow
GetDisplayConfigBufferSizes
QueryDisplayConfig
SetDisplayConfig
GetFocus
SetRectEmpty
GetClientRect
DrawTextExW
SetWindowLongW
SetLayeredWindowAttributes
GetDC
ReleaseDC
SetTimer
PtInRect
PostQuitMessage
NotifyWinEvent
ShowWindow
ReleaseCapture
SetWindowPos
InvalidateRect
UpdateWindow
GetCursorPos
LoadImageW
ScreenToClient
LoadCursorW
SetCursor
InflateRect
GetSysColorBrush
FillRect
GetSysColor
SetRect
SystemParametersInfoW
UnregisterDeviceNotification
KillTimer
FindWindowExW
CreateWindowExW
GetWindowLongW
LoadStringW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowsHookExW
GetSystemMetrics
CallNextHookEx
GetAsyncKeyState
GetKeyState
PostMessageW
RegisterDeviceNotificationW
UnhookWindowsHookEx

kernel32

LoadLibraryExA
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
InterlockedDecrement
InterlockedIncrement
CreateSemaphoreW
GetLastError
WaitForSingleObject
MulDiv
ReleaseSemaphore
CloseHandle
GetModuleHandleW
LoadLibraryA
GetUserDefaultUILanguage
SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InterlockedExchange
GetLocaleInfoW

comctl32

ord345
ImageList_CoCreateInstance
ord344

shlwapi

ord219
SHGetValueW

ole32

CoInitialize
CoUninitialize

imm32

ImmDisableIME

ntdll

WinSqmEndSession
WinSqmStartSession
WinSqmAddToStream

powrprof

PowerDeterminePlatformRole
GetPwrCapabilities

slc

SLGetWindowsInformationDWORD

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
EventUnregister
EventWrite
EventRegister

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
qsort
_ftol2
_CIsin
_CIcos
memset
_vsnwprintf
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
strtok
_stricmp

gdi32

SetBkColor
DeleteObject
FillRgn
CreateFontIndirectW
SetTextColor
GetDeviceCaps
FrameRgn
CreateRectRgnIndirect
SelectObject
GetTextExtentPoint32W
CreateDIBSection
CreateRoundRectRgn
GetObjectW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1BinaryVault

Password: S1BinaryVault

885aeb60c3202e4dc3fd608c710bd8d4

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

comctl32

shlwapi

ole32

imm32

ntdll

powrprof

slc

advapi32

msvcrt

gdi32

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 473KB - Virtual size: 472KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 473KB - Virtual size: 472KB

.reloc
Size: 3KB - Virtual size: 3KB