Static task: static1
Behavioral task: behavioral1
Sample: 3834f6a04b0a9cca41653967e46934932089adaa4de23ff5cfeecdd0e9258e72.dll
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 3834f6a04b0a9cca41653967e46934932089adaa4de23ff5cfeecdd0e9258e72.dll
Resource: win10v2004-20230220-en
General
Target: 10714793970.zip
Size: 984KB
MD5: 0b8a769e7c044357f8200604d46549ba
SHA1: b0b29778a2b3f0aefa2bf05e5f974afd72390b4d
SHA256: 3f51080569b814eba7b259f9a0f512d5d2dba9db3827e39124908a44f97a9a6d
SHA512: 37d9c3644a567c7f534aec190069533fece875d9c20b923b3b8d2c85f9fa8d6be509422188d1bd121fa2dd41f6bb21b8d3dcdf5847fce0baa01c2e0da5504a07
SSDEEP: 24576:RnBMIMUP/Ye89mr7a8gcQFaZjLc6rFoeoYkzyMjV870daKMb:Ah99J3aIeYX40gb
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: unpack001/3834f6a04b0a9cca41653967e46934932089adaa4de23ff5cfeecdd0e9258e72
Files
10714793970.zip.zip (Password: infected)
3834f6a04b0a9cca41653967e46934932089adaa4de23ff5cfeecdd0e9258e72.dll (windows x64) 5ef8f01c658f59bd6fe659f827776382
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
DeleteCriticalSection
VerSetConditionMask
SleepEx
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
CreateIoCompletionPort
GetCurrentProcess
Thread32Next
Thread32First
GetModuleHandleA
OpenProcess
LoadLibraryA
VirtualProtectEx
GetProcAddress
OpenThread
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
MultiByteToWideChar
SwitchToFiber
DeleteFiber
CreateFiber
WideCharToMultiByte
ConvertFiberToThread
ConvertThreadToFiber
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
GetSystemTime
SystemTimeToFileTime
ReadFile
CreateFileW
lstrcmpA
CreateWaitableTimerA
VirtualAlloc
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
VirtualQuery
lstrcpyA
GetFullPathNameW
GetCurrentDirectoryW
QueueUserAPC
TlsAlloc
TerminateThread
SetEvent
GetLastError
GetModuleHandleExA
CreateEventW
PostQueuedCompletionStatus
ExitThread
lstrcatA
GetQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
EnterCriticalSection
SetLastError
VerifyVersionInfoA
TlsSetValue
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
FindFirstFileW
SetEndOfFile
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExA
FindClose
GetStringTypeW
SetStdHandle
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetACP
SetWaitableTimer
GetModuleFileNameA
CloseHandle
CreateToolhelp32Snapshot
WaitForSingleObject
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
FormatMessageA
LocalFree
InterlockedFlushSList
RtlPcToFileHeader
EncodePointer
RaiseException
RtlUnwindEx
FreeLibrary
LoadLibraryExW
CreateThread
user32
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
advapi32
CryptCreateHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
LookupPrivilegeValueA
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
shell32
SHGetSpecialFolderPathA
ole32
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
oleaut32
VariantInit
SysFreeString
SysAllocString
VariantClear
ws2_32
WSASetLastError
WSASocketW
getaddrinfo
connect
WSARecv
getsockopt
select
ioctlsocket
setsockopt
WSAGetLastError
recv
send
WSASend
closesocket
freeaddrinfo
WSACleanup
WSAStartup
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty
shlwapi
StrChrA
StrToIntA
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 585KB - Virtual size: 585KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 121KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 300B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ