13b2e82425e8a623a4d30243da68acbddd35241fe50867055dc852d0df81a87b[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

13b2e82425e8a623a4d30243da68acbddd35241fe50867055dc852d0df81a87b.zip
Size

1.7MB
MD5

d586b09aac8fd298e8d6c165adbc2a87
SHA1

4f3b93e7f83bbb6b167c379b6fd824f2ec7d1b56
SHA256

ae75f710c4caf96431326d5d53218fa4448cd0d3df957a7da2b693ba102f16f9
SHA512

291344517cb008b2e08c4e229c2cadeb3e133dc425aa8df2fbc46ef2915f8df5e94dd2a133f40f114de1e92a416c850a86585bd683daab5f791dbf0b65a965ec
SSDEEP

49152:eplRiS24flZVvGpKqWJX7K9xScwZadeX9F:UlRRflZV+gqWVOubZHX9F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/13b2e82425e8a623a4d30243da68acbddd35241fe50867055dc852d0df81a87b

Files

13b2e82425e8a623a4d30243da68acbddd35241fe50867055dc852d0df81a87b.zip
.zip

Password: infected
13b2e82425e8a623a4d30243da68acbddd35241fe50867055dc852d0df81a87b.zip
.zip

Password: infected
13b2e82425e8a623a4d30243da68acbddd35241fe50867055dc852d0df81a87b
.exe windows x86

Password: infected

0165d6f75749603ef01bd86615283564

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQuerySystemInformation
NtDeviceIoControlFile
RtlNtStatusToDosError
RtlCaptureContext
NtCancelIoFileEx

kernel32

DeviceIoControl
CreateFileW
GetSystemInfo
GetSystemTimes
SleepConditionVariableSRW
lstrlenW
GetProcessTimes
OpenProcess
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
GetVolumeInformationW
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetProcessIoCounters
GetSystemTimeAsFileTime
GetLogicalDrives
GlobalMemoryStatusEx
GetTickCount64
FlushViewOfFile
GetDiskFreeSpaceExW
GetProcAddress
GetModuleHandleA
Sleep
WriteFile
ReadFile
CancelIoEx
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
GetCurrentProcessId
SetHandleInformation
DuplicateHandle
GetCurrentProcess
GetDriveTypeW
TlsSetValue
TlsGetValue
ReleaseSRWLockExclusive
TlsFree
InitOnceComplete
TryAcquireSRWLockExclusive
TlsAlloc
AcquireSRWLockExclusive
CloseHandle
UnhandledExceptionFilter
InitOnceBeginInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
CreateThread
QueryPerformanceFrequency
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
WriteConsoleW
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
WideCharToMultiByte
SetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
CreateMutexA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
GetConsoleMode
GetModuleHandleW
ExitProcess

advapi32

RegQueryValueExA
RegQueryValueExW
SystemFunction036
RegCloseKey
RegOpenKeyExW

crypt32

CertAddCertificateContextToStore
CertDuplicateStore
CertEnumCertificatesInStore
CertCloseStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateChain
CertFreeCertificateChain
CryptUnprotectData
CertDuplicateCertificateContext

ws2_32

WSAIoctl
setsockopt
WSASend
WSARecv
recv
shutdown
getsockopt
getpeername
ioctlsocket
bind
WSASocketW
closesocket
WSAGetLastError
WSAGetOverlappedResult
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo

ole32

CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysAllocString
VariantClear
SysFreeString

pdh

PdhAddCounterW
PdhCollectQueryData
PdhCloseQuery
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhOpenQueryA

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
EnumProcessModulesEx
GetModuleFileNameExW

iphlpapi

GetIfTable2
FreeMibTable
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetQueryDisplayInformation

shell32

SHGetKnownFolderPath

bcrypt

BCryptGenRandom

secur32

InitializeSecurityContextW
FreeCredentialsHandle
EncryptMessage
DecryptMessage
DeleteSecurityContext
ApplyControlToken
AcceptSecurityContext
FreeContextBuffer
QueryContextAttributesW
AcquireCredentialsHandleA

vcruntime140

_except_handler4_common
memcmp
memset
memmove
strrchr
__CxxFrameHandler3
__current_exception_context
__current_exception
memcpy

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
realloc
_msize

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
strlen
strcspn

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_controlfp_s
_beginthreadex
_endthreadex
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_exit
_initterm_e

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

0165d6f75749603ef01bd86615283564

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

crypt32

ws2_32

ole32

oleaut32

pdh

powrprof

psapi

iphlpapi

netapi32

shell32

bcrypt

secur32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 613KB - Virtual size: 612KB

.data Size: 22KB - Virtual size: 24KB

.reloc Size: 99KB - Virtual size: 99KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 613KB - Virtual size: 612KB

.data
Size: 22KB - Virtual size: 24KB

.reloc
Size: 99KB - Virtual size: 99KB