D4[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

D4.exe.zip
Size

175KB
MD5

e93c3476904135be7fad437e10b63952
SHA1

61c8ba4e842d8e4f1b77d840f303131df483bd13
SHA256

e7990f9153f6e506ad6338b3d6a53f750e1208dc67241beac6a062b27149017a
SHA512

3a2e76d36ec5756e6e7e2567fb1f46ab68446b48f3981120f1cdb7fe006ecb935ed680b9db7912b44c4bf64d2946bf402dff086d211cad236e97bc587f8e48f5
SSDEEP

3072:PTSh+FQqUArw53W3AJvowMAhWzKjqooWF+7ShQA2x11ZSeoAH6i2nmglBL4N+oc/:7Sh8Q/ArrUsv3eg7ShFSZjrx2nmgLsNi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/D4.exe

Files

D4.exe.zip
.zip

Password: infected
D4.exe
.exe windows x86

ec63fddeb16269837b3c81452c348ba6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

wsock32

recvfrom
WSACleanup
WSAStartup
accept
recv
ntohl
htonl
setsockopt
listen
bind
WSAAsyncSelect
WSAGetLastError
sendto
send
WSACancelAsyncRequest
WSAAsyncGetHostByName
socket
ioctlsocket
htons
closesocket
connect

wininet

HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetStatusCallback
InternetConnectA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

kernel32

SetProcessWorkingSetSize
GetCurrentProcess
SetEvent
CreateEventA
GetProcAddress
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
CreateFileMappingA
FreeLibrary
GetSystemTime
WideCharToMultiByte
WriteFile
ReadFile
SetFilePointer
CreateFileA
CreateThread
TerminateThread
WaitForSingleObject
GetSystemTimeAsFileTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
SetSystemTime
TerminateProcess
SetUnhandledExceptionFilter
TlsSetValue
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetProcessHeap
GetCurrentThreadId
InterlockedIncrement
SetLastError
MultiByteToWideChar
AreFileApisANSI
GetModuleHandleExW
ExitProcess
InterlockedDecrement
HeapAlloc
GetModuleFileNameW
GetStdHandle
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
HeapFree
RtlUnwind
RaiseException
DecodePointer
EncodePointer
TlsFree
GetModuleHandleW
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
LoadLibraryExW
LoadLibraryW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
SetEnvironmentVariableA
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
WriteConsoleW
CreateFileW
SetEndOfFile
GetModuleFileNameA
CloseHandle
Sleep
InitializeCriticalSectionAndSpinCount
OpenProcess
LocalFileTimeToFileTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
MulDiv
LocalAlloc
GetLocalTime
GetCurrentProcessId
GetVersionExA
FormatMessageA
GetLastError
TlsAlloc
LocalFree
HeapSize
TlsGetValue
UnhandledExceptionFilter

user32

DestroyIcon
GetWindowLongA
GetCursorPos
MessageBeep
SetForegroundWindow
SetMenuDefaultItem
TrackPopupMenuEx
AppendMenuA
CreatePopupMenu
GetSystemMenu
IsWindowEnabled
KillTimer
ScreenToClient
GetFocus
IsWindowVisible
LoadIconA
EnumWindows
GetWindowTextA
EnableWindow
SetWindowTextA
GetDlgItem
EndDialog
MsgWaitForMultipleObjects
PeekMessageA
GetDesktopWindow
MessageBoxA
SetTimer
SendMessageA
LoadCursorA
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
ReleaseCapture
SetCapture
SetFocus
PostMessageA
FillRect
GetSysColor
DestroyWindow
CreateWindowExA
RegisterClassA
UpdateWindow
ShowWindow
PostQuitMessage
DefWindowProcA
LoadStringA
wsprintfA
GetWindowRect
RemovePropA
GetPropA
SetPropA
GetSystemMetrics
DialogBoxParamA
SetWindowPos
DispatchMessageA
TranslateMessage
GetMessageA
DestroyMenu

gdi32

TextOutA
GetTextExtentPoint32A
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetROP2
SetBkMode
SetBkColor
CreateSolidBrush
GetDeviceCaps
CreateFontIndirectA
MoveToEx
GetTextMetricsA
SelectObject
LineTo
DeleteObject
CreatePen
SetTextColor

comdlg32

GetSaveFileNameA

advapi32

InitializeSecurityDescriptor
StartServiceA
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
ChangeServiceConfigA
CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
CreateServiceA
DeleteService

shell32

ShellExecuteA
Shell_NotifyIconA

Exports

Exports

?TaskDialogIndirect@NTThunk@Think@@YGJPBU_TASKDIALOGCONFIG@@PAH11@Z

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ec63fddeb16269837b3c81452c348ba6

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

wsock32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Exports

Exports

Sections

.text Size: 217KB - Virtual size: 216KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 9KB - Virtual size: 18KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 217KB - Virtual size: 216KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 23KB - Virtual size: 23KB