samples (3)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

samples (3).zip
Size

22.5MB
MD5

46378c043418f5c0d89bd4e879d2772c
SHA1

2f5b21e27c2a624ae7927da3152cc1f0265c40c7
SHA256

ca27535b720dd5e037db74e1b21887d32495c69e3dc8d58a618f13de67660ad7
SHA512

1625a3dc92be737c6fad694b90f3175d3f58006878fd5b131a4b7cccbaad8b417423facfe679d424ec6b76f7d32a3f22bd8fd88cdce3499146a5fd2027195b90
SSDEEP

393216:BP+Ob7Lya27jo7sW3vUTf/paARFzZDUOfzVG3+GR8/V3yvqfLM951d3OIe2q7:BWGKa2Ydsf/NUKUOa8r49p3Oj2q7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/070d52badd8cbed6e01aedc2f3dad328cae3f8d0de5fe536a37ef07c15921cc1

Files

samples (3).zip
.zip

Password: infected
070d52badd8cbed6e01aedc2f3dad328cae3f8d0de5fe536a37ef07c15921cc1
.exe windows x86

47355a2b3d4345be404eba475528d4a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetVersion
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

SetWindowPos
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderPathW

ole32

CLSIDFromProgID

shlwapi

PathFindFileNameA

gdi32

CreateBitmap

wininet

InternetReadFile

dbghelp

MakeSureDirectoryPathExists

oleaut32

SafeArrayDestroyDescriptor

winspool.drv

OpenPrinterA

comctl32

ord17

wtsapi32

WTSSendMessageW

Sections

.text
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.7MB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MNvNWy0
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

MNvNWy1
Size: 12.3MB - Virtual size: 12.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

47355a2b3d4345be404eba475528d4a6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

gdi32

wininet

dbghelp

oleaut32

winspool.drv

comctl32

wtsapi32

Sections

.text Size: 492KB - Virtual size: 492KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 7.7MB - Virtual size: 7.7MB

MNvNWy0 Size: 2.9MB - Virtual size: 2.9MB

MNvNWy1 Size: 12.3MB - Virtual size: 12.3MB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 492KB - Virtual size: 492KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 7.7MB - Virtual size: 7.7MB

MNvNWy0
Size: 2.9MB - Virtual size: 2.9MB

MNvNWy1
Size: 12.3MB - Virtual size: 12.3MB

.rsrc
Size: 4KB - Virtual size: 4KB