10544429118[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10544429118.zip
Size

2.4MB
MD5

c6684afd03b2151b1b7de2f8ccc46590
SHA1

d00c937def67f7ecf53b17fe0ef3f9d268b0ba3d
SHA256

b1a43bd0f5b9a8fb85a77d6954727d8a610491ff069bbdf474881f650cea7490
SHA512

bf33e31029ca7b05f89a57e87e02f28101ec4ac8581f07f940d0e2f877416c3a7edd46819aea3043baaadf839c09ad9012583552477ca6a173167db7c9723ba3
SSDEEP

49152:kb4Cy9pou/AfPb/w40b0zb09iji1Febu5yDcSdOrM3+wfK3olxIHL8iJX4fq83v:kbAogAfbSn265yDxeMOr3QUL84IqQv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/072cf0f5b68b565110ac7816c70c1e47684a4bb3b04da015fe393a4afa8f5fe9

Files

10544429118.zip
.zip

Password: infected
072cf0f5b68b565110ac7816c70c1e47684a4bb3b04da015fe393a4afa8f5fe9
.exe windows x86

Password: infected

cb5a306814144ecf158c498f183020fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_except_handler3
memset
memcpy

comctl32

_TrackMouseEvent
FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

SuspendThread
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
IsValidCodePage
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReleaseMutex
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceCounter
MultiByteToWideChar
MulDiv
lstrlenW
lstrcpyW
lstrcpynW
lstrcmpW
LockResource
LocalFree
LocalAlloc
LoadResource
LoadLibraryW
LoadLibraryExW
LoadLibraryA
LeaveCriticalSection
IsValidLocale
IsDBCSLeadByteEx
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetSystemInfo
GetStdHandle
GetStartupInfoW
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocalTime
GetLocaleInfoW
GetLastError
GetFullPathNameW
GetFileType
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcessId
GetCPInfoExW
GetConsoleOutputCP
GetConsoleCP
GetComputerNameW
GetCommandLineW
GetACP
FreeResource
FreeLibrary
FormatMessageW
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
CreateMutexW
ExitProcess
OpenProcess

user32

SetWindowTextW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
ValidateRect
WaitMessage
WindowFromDC
WindowFromPoint
IsWindowEnabled
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharAlphaW
IsCharAlphaNumericW
InvalidateRect
InsertMenuW
InsertMenuItemW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetLastActivePopup
GetKeyState
GetKeyNameTextW
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetIconInfo
GetFocus
GetDoubleClickTime
GetDlgCtrlID
GetDesktopWindow
GetDCEx
SetFocus
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
SetPropW
GetClassInfoExW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowW
FindWindowExW
FillRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextW
DrawTextExW
DrawStateW
DrawMenuBar
DrawIconEx
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreateWindowExW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateCaret
CreateAcceleratorTableW
CountClipboardFormats
CopyRect
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperW
CharUpperBuffW
SetCursorPos
SetClipboardData
SetClassLongW
SetCaretPos
MessageBoxIndirectW
MessageBoxA
CharToOemW
CharNextW
CharLowerW
CharLowerBuffW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
LoadImageW
LoadCursorW
LoadIconW
EmptyClipboard
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
SetParent
SetMenuItemInfoW
SetKeyboardState
GetClassInfoW
SetForegroundWindow
LoadKeyboardLayoutW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
GetCursorPos
IsWindowUnicode
GetForegroundWindow

gdi32

CreatePolygonRgn
CreatePenIndirect
CreatePalette
CreateICW
DeleteDC
DeleteEnhMetaFile
DeleteObject
DPtoLP
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtCreatePen
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBitmapDimensionEx
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDeviceCaps
GetDIBColorTable
GetDIBits
CreateHalftonePalette
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
CreateRectRgn
GetMapMode
GetNearestPaletteIndex
GetObjectW
GetPaletteEntries
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetViewportOrgEx
GetWindowOrgEx
GetWinMetaFileBits
IntersectClipRect
LineTo
LPtoDP
MaskBlt
MoveToEx
OffsetRgn
PatBlt
Pie
PlayEnhMetaFile
PolyBezierTo
Polygon
Polyline
PolyPolyline
PtInRegion
RealizePalette
Rectangle
RectVisible
ResizePalette
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixelV
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetWinMetaFileBits
StartDocW
StartPage
StretchBlt
CreateSolidBrush
StretchDIBits
UnrealizeObject
CreateFontIndirectW
CreateEllipticRgn
CreateDIBSection
CreateDIBitmap
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
GetEnhMetaFileBits
GetPixel

winspool.drv

EnumPrintersW
DeviceCapabilitiesW
DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegRestoreKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

shell32

ShellExecuteExW
Shell_NotifyIconW
ExtractIconW
ShellExecuteW

ole32

CoUninitialize
CoTaskMemFree
CreateBindCtx
CoInitialize
CoCreateInstance
CLSIDFromProgID
StringFromCLSID
RevokeDragDrop
RegisterDragDrop
ProgIDFromCLSID
OleUninitialize
OleInitialize
MkParseDisplayName
DoDragDrop
CoTaskMemAlloc
CreateStreamOnHGlobal

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopyInd
VariantInit
SafeArrayAccessData

Sections

.text
Size: 428KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sela
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

cb5a306814144ecf158c498f183020fe

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 428KB - Virtual size: 425KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 12.1MB

.data1 Size: 4KB - Virtual size: 536B

.rsrc Size: 112KB - Virtual size: 112KB

.sela Size: 3.9MB - Virtual size: 3.9MB

.text
Size: 428KB - Virtual size: 425KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 12.1MB

.data1
Size: 4KB - Virtual size: 536B

.rsrc
Size: 112KB - Virtual size: 112KB

.sela
Size: 3.9MB - Virtual size: 3.9MB