aa4938085915798a5b6a03db3a04f6b2927d108db0bfac32ca66462f6a406c36[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

aa4938085915798a5b6a03db3a04f6b2927d108db0bfac32ca66462f6a406c36.zip
Size

125KB
MD5

5902b18f1ee400a236c6904fdcec071b
SHA1

2727daa6d1362f8916e50b281dbf5ef88e1969d6
SHA256

937ec1aaae4f589aabf66ce9eda53545c4b9bc3c65c10b9ea0ac4e13a2507082
SHA512

d411dd7a9282b7f99c7f95f10e61baaa3fbb3e47508eba7384d88697817437666aaef10379b51c487253fdb92c6594d8633f6205348ffe6bf9bf5b9e4b19dcda
SSDEEP

3072:2l8REsqwUlUDICL/35k/tVk6srsyy9LuPh3lncnTYcv4v2zqUmsP9Z6mtO6aiul8:22usdUlU8CLRkzUruTYcgv2zqUmsP9Uw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aa4938085915798a5b6a03db3a04f6b2927d108db0bfac32ca66462f6a406c36.exe

Files

aa4938085915798a5b6a03db3a04f6b2927d108db0bfac32ca66462f6a406c36.zip
.zip

Password: infected
aa4938085915798a5b6a03db3a04f6b2927d108db0bfac32ca66462f6a406c36.exe
.exe windows x86

a97f0c467cfd5c05bae35b554cfbdc5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathW
FindFirstFileW
EnumCalendarInfoA
GetDriveTypeW
InterlockedDecrement
ZombifyActCtx
HeapFree
SetComputerNameW
FreeEnvironmentStringsA
GetProcessPriorityBoost
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
EnumTimeFormatsA
GetVolumePathNameW
GlobalAlloc
GetPrivateProfileIntA
LoadLibraryW
GetConsoleAliasExesLengthW
GetModuleFileNameW
lstrcatA
InterlockedExchange
GetProfileIntA
DeleteFiber
GlobalDeleteAtom
GetProcAddress
CreateJobSet
GetLocalTime
WriteConsoleA
InterlockedExchangeAdd
SetCalendarInfoW
SetFileApisToANSI
AddAtomA
FindFirstVolumeMountPointA
CreateIoCompletionPort
FreeEnvironmentStringsW
FindNextFileW
GetStringTypeW
VirtualProtect
GetCurrentDirectoryA
CompareStringA
OpenSemaphoreW
FileTimeToLocalFileTime
DeleteFileW
MoveFileWithProgressW
EnumSystemLocalesW
DeleteFileA
SetLastError
GetVolumeNameForVolumeMountPointA
CreateFileW
FlushFileBuffers
InterlockedIncrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
MoveFileA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
ExitProcess
WriteFile
GetModuleFileNameA
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoW
IsProcessorFeaturePresent
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CloseHandle

gdi32

GetCharABCWidthsA

winhttp

WinHttpGetProxyForUrl

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a97f0c467cfd5c05bae35b554cfbdc5e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winhttp

Sections

.text Size: 85KB - Virtual size: 84KB

.data Size: 107KB - Virtual size: 2.6MB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 85KB - Virtual size: 84KB

.data
Size: 107KB - Virtual size: 2.6MB

.rsrc
Size: 11KB - Virtual size: 11KB