f02216306b3b6609761db066602385d1e0280b84082107dca04cfd8c27bc42ae[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f02216306b3b6609761db066602385d1e0280b84082107dca04cfd8c27bc42ae.zip
Size

144KB
MD5

d5de67dbf6bdfc4e916b02617527c35d
SHA1

0111560691b1025d3041c220606299d1dae90b39
SHA256

5e13939c80f26d0730807c8ae401ef10312f004bcfc72dd44c6bd29325b777b1
SHA512

304935dc194b64c29abb265246a9a821f0de3a49c4363fc8923765ef1df9ac2cff3535917afcaf3eb0c332ea5bdd18f7ea0ab588927e4bcac960525d63efa3cd
SSDEEP

3072:+aoFebjwbXNG68k7S7vZDqSZ4+kIa4tW5nlPDPTCfuvU7lEtV:VoFebEhbO7Zl4u3wlPDPTCEV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C/ProgramData/Sentinel/AFUCache/f02216306b3b6609761db066602385d1e0280b84082107dca04cfd8c27bc42ae

Files

f02216306b3b6609761db066602385d1e0280b84082107dca04cfd8c27bc42ae.zip
.zip

Password: S1BinaryVault
C/ProgramData/Sentinel/AFUCache/f02216306b3b6609761db066602385d1e0280b84082107dca04cfd8c27bc42ae
.dll regsvr32 windows x86

Password: S1BinaryVault

c0ed8cb3f44c1915f4cf2abbd9de8ef1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
lstrcpyW
GetModuleFileNameW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
lstrcpynW
lstrcatW
LeaveCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
LockResource
FindResourceExW
GetProcAddress
LoadLibraryW
GetProcessHeap
HeapSize
EnterCriticalSection
RaiseException
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
FreeLibrary
InterlockedExchange
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess

user32

CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

SafeArrayUnlock
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringLen
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SafeArrayDestroy
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SafeArrayRedim
SafeArrayCreate
VariantCopyInd
SafeArrayLock

wininet

InternetSetOptionW
InternetAutodial
InternetGetConnectedState
GetUrlCacheEntryInfoW
InternetCombineUrlW

urlmon

CoInternetQueryInfo

mscoree

CorBindToRuntimeEx

shlwapi

PathIsRelativeW
PathIsURLW
PathFindExtensionW

msvcr71

_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__security_error_handler
__CppXcptFilter
_adjust_fdiv
_initterm
wcsrchr
memset
iswspace
wcslen
memmove
wcscspn
wcsspn
wcsstr
wcscmp
??_U@YAPAXI@Z
realloc
wcsncpy
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
_except_handler3
_CxxThrowException
free
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1BinaryVault

Password: S1BinaryVault

c0ed8cb3f44c1915f4cf2abbd9de8ef1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

wininet

urlmon

mscoree

shlwapi

msvcr71

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 568B

.rsrc Size: 28KB - Virtual size: 24KB

.reloc Size: 4KB - Virtual size: 2KB

.text Size: 224KB - Virtual size: 224KB

.text
Size: 40KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 568B

.rsrc
Size: 28KB - Virtual size: 24KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 224KB - Virtual size: 224KB