563379a48d876f6c35317bb7551efeb55754123056109ab030d1e796ae1b9c2c[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

563379a48d876f6c35317bb7551efeb55754123056109ab030d1e796ae1b9c2c.zip
Size

141KB
MD5

25439aa45ce81d6a3136d73f8a40e161
SHA1

3ecfca7d5d85b46cd47666fe9bee51d2f5f21606
SHA256

7ad9caee717862d07720eed074c9e16b28229258e3670c6c6f1e29d6e0a3666e
SHA512

07faf3d89d81b60f03bf65f0e50ccb4ae310e161e085a0e60fb7bd2b14195e95ff1dd53a4da1f2a0fa552b341bf4f8d90332dbf10fce7a2b0fa20be9d7a1ce63
SSDEEP

3072:p6sbix++hvtLVQoyOUXiIvKM3MdYSDWpIr2/uOBtQTn:pzOw+7Xszb3sFDWpIr2/uOBtQTn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/563379a48d876f6c35317bb7551efeb55754123056109ab030d1e796ae1b9c2c

Files

563379a48d876f6c35317bb7551efeb55754123056109ab030d1e796ae1b9c2c.zip
.zip

Password: threatbook
563379a48d876f6c35317bb7551efeb55754123056109ab030d1e796ae1b9c2c
.exe windows x86

Password: threatbook

db4d12a037f66d32789a6258735cac25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VarDateFromI2
ClearCustData
VarCyFromI1
VarI4FromUI4
VarI4FromI1
VarR4FromDec
VarR8FromDisp
QueryPathOfRegTypeLi
VarIdiv
VarR8FromDate
VarUI1FromCy
VarCyFromUI4
VarUI1FromI1
SafeArraySetIID
SysFreeString
SafeArrayGetLBound
VarDateFromI1
VarDecFromBool
LPSAFEARRAY_UserSize
VarUI4FromI1
VarFormatPercent
CreateStdDispatch
CreateTypeLi
VarI2FromDate
VarFormatNumber
VarR8FromUI1
LoadTypeLi
SafeArrayCreateVectorEx
GetRecordInfoFromGuids
DispInvoke
VarDecSu
VarUI4FromDate
VariantInit
VarUI2FromStr
UnRegisterTypeLi
VarBoolFromDec
VarBstrFromI1
VarDiv
VarBstrFromI2
VarBoolFromDate

ole32

CreateBindCtx
CreateOleAdviseHolder
HBITMAP_UserUnmarshal

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit

resutils

ResUtilResourcesEqual
ResUtilGetResourceDependency
ResUtilStartResourceService
ResUtilGetEnvironmentWithNetName
ResUtilDupString
ResUtilGetBinaryValue
ResUtilResourceTypesEqual
ResUtilGetProperty
ResUtilGetPrivateProperties
ResUtilGetResourceNameDependency
ResUtilDupParameterBlock
ResUtilEnumPrivateProperties

setupapi

SetupQueryInfFileInformationA

kernel32

GetStartupInfoA
GetModuleHandleA

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

db4d12a037f66d32789a6258735cac25

Headers

File Characteristics

Imports

oleaut32

ole32

msvcrt

resutils

setupapi

kernel32

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 3.3MB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 3.3MB

.rsrc
Size: 4KB - Virtual size: 4KB