55e4d509de5b0f1ea888ff87eb0d190c328a559d7cc5653c46947e57c0f01ec5[.]zip

Resubmissions

16/05/2023, 18:43

230516-xde19sca75 10

16/05/2023, 18:42

230516-xcen4sbb8x 3

16/05/2023, 18:40

230516-xa9rgaca68 10

Sharing

Copy URL Twitter E-mail

General

Target

55e4d509de5b0f1ea888ff87eb0d190c328a559d7cc5653c46947e57c0f01ec5.zip
Size

46KB
MD5

0ce18607ac48349e6c85ad033a2b64e6
SHA1

fc0bf6496e1c714b6eb8e92c9599355963fd9e34
SHA256

3fe5b2752d5f8d73b6beadbc2ceaf77e8c18a76cdd82ff355be32fa63d7a02e8
SHA512

28c2232cff24849d26f84a4b0db7db694d73f377538c58a8ebed864498ab5802a71cb1f20d89bd6a318e4882628d59a8929e46cf30fcd18cf720d84617a4341f
SSDEEP

768:y/9iaQTzjvI8oZSls+T7BZxKHWmNDulX0GuyY12+lBAoLHv/D+KrvFdHQzZEqCUI:gihvjXoklXTVzKHW/XuyY11HzprvFdHT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/55e4d509de5b0f1ea888ff87eb0d190c328a559d7cc5653c46947e57c0f01ec5.exe

Files

55e4d509de5b0f1ea888ff87eb0d190c328a559d7cc5653c46947e57c0f01ec5.zip
.zip

Password: infected
55e4d509de5b0f1ea888ff87eb0d190c328a559d7cc5653c46947e57c0f01ec5.exe
.dll windows x64

Password: infected

6050138199323249bc1f0597cf7cc525

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtClose
RtlAdjustPrivilege
NtSetInformationThread
ZwDuplicateToken
NtOpenProcessToken
NtTerminateThread
NtOpenProcess

kernel32

lstrlenA
OpenProcess
TerminateProcess
ReadFile
CreateFileW
Process32FirstW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
LocalFree
GetCurrentProcess
WaitForSingleObject
FindFirstFileW
FindVolumeClose
GetDriveTypeW
GetLogicalDriveStringsW
SetVolumeMountPointW
WriteFile
GlobalAlloc
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetFileAttributesW
lstrcmpW
MoveFileW
GlobalFree
FindClose
LocalAlloc
GetExitCodeThread
PostQueuedCompletionStatus
DeviceIoControl
WaitForMultipleObjects
CloseHandle
GetWindowsDirectoryW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
ResumeThread
SetFileAttributesW
CreateThread
HeapDestroy
GetComputerNameW
GetLogicalDrives
GetDiskFreeSpaceExW
GetVolumeInformationW
lstrcmpA
SetFilePointerEx
CreateIoCompletionPort
ExitProcess
CreateFileA
VirtualQuery
CreateProcessW
LoadLibraryW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
CreateProcessA
lstrcatA
GetShortPathNameA
GetProcAddress
GetModuleFileNameA
GetCurrentThreadId
lstrcpyA
QueryFullProcessImageNameW
UnhandledExceptionFilter
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemTimeAsFileTime
lstrcatW
GetSystemInfo
GlobalMemoryStatusEx
GetLastError
OpenMutexW
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
HeapCreate
Sleep
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
GetNativeSystemInfo
CreateMutexW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetQueuedCompletionStatus
lstrcpyW
SetUnhandledExceptionFilter
FindNextFileW
GetCommandLineW

user32

wsprintfW
GetKeyboardLayoutList
wsprintfA
ExitWindowsEx
GetSystemMetrics
GetForegroundWindow

advapi32

RegOpenKeyExW
RegCreateKeyExW
CryptGenRandom
CryptAcquireContextW
GetUserNameW
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EnumServicesStatusExW
ControlService
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCloseKey
RegSetValueExW
DeleteService
RegQueryValueExW

shell32

ShellExecuteExW
CommandLineToArgvW

ole32

CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

msvcrt

??1type_info@@UEAA@XZ
_XcptFilter
_initterm
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
_CxxThrowException
__CxxFrameHandler3
isdigit
malloc
calloc
free
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
_snwprintf
memmove
_wcsicmp
pow
memcmp
__C_specific_handler

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

shlwapi

StrToIntW
StrStrW
PathFindFileNameW
PathFindExtensionW
PathAddBackslashW
PathRemoveFileSpecW
PathCombineW

rstrtmgr

RmStartSession
RmGetList
RmRegisterResources

Exports

Exports

Rathbuige
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6050138199323249bc1f0597cf7cc525

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcrt

mpr

crypt32

shlwapi

rstrtmgr

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 12KB - Virtual size: 16KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 216B

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 12KB - Virtual size: 16KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 216B