b4875afb3af381609cde6adf63116aaa1a46c4ec874b7f7b514b43e7cb3fec8f[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

b4875afb3af381609cde6adf63116aaa1a46c4ec874b7f7b514b43e7cb3fec8f.zip
Size

1.8MB
MD5

13d8c4105e802bb4eeb249877a9e0f5e
SHA1

30103d12b8de7664f3b4333f171da98288a7a8ee
SHA256

97fca60e5da6b71e644ccf9151ced5433791a052658e35eb205f47163ba67065
SHA512

cbb53e38c3e318f7f596d2900f550d279779965730e958f4a4aaf1cf07b249fe6203da5865aae1da38c39f7c61d41fb0ebcde6655a05c759cb6d6a735724de96
SSDEEP

49152:mxBo2AKuLZJrmfNgd38mZbtS5mQOi5WZJ:4GKiF1umQOIWZJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/b4875afb3af381609cde6adf63116aaa1a46c4ec874b7f7b514b43e7cb3fec8f

Files

b4875afb3af381609cde6adf63116aaa1a46c4ec874b7f7b514b43e7cb3fec8f.zip
.zip

Password: infected
b4875afb3af381609cde6adf63116aaa1a46c4ec874b7f7b514b43e7cb3fec8f.zip
.zip

Password: infected
b4875afb3af381609cde6adf63116aaa1a46c4ec874b7f7b514b43e7cb3fec8f
.exe windows x86

Password: infected

747f49dcc153709fa2a1661d19e4e4f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCaptureContext
RtlNtStatusToDosError
NtQuerySystemInformation
NtDeviceIoControlFile
NtCancelIoFileEx

kernel32

DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
SleepConditionVariableSRW
GetSystemTimes
lstrlenW
GetProcessTimes
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
OpenProcess
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetSystemInfo
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetExitCodeProcess
GetProcessIoCounters
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
GetLogicalDrives
GlobalMemoryStatusEx
CreateFileW
GetTickCount64
GetProcAddress
Sleep
WriteFile
GetOverlappedResult
ReadFile
CancelIoEx
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
GetTempPathA
GetCurrentProcessId
SetHandleInformation
TlsSetValue
TlsGetValue
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
TlsFree
InitOnceComplete
DuplicateHandle
GetCurrentProcess
TlsAlloc
GetModuleHandleA
CloseHandle
UnhandledExceptionFilter
InitOnceBeginInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
CreateThread
QueryPerformanceFrequency
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
WriteConsoleW
CreateProcessW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
WideCharToMultiByte
GetWindowsDirectoryW
SetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
GetSystemDirectoryW
CreateMutexA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
GetModuleHandleW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
WaitForMultipleObjects

advapi32

RegOpenKeyExW
RegQueryValueExA
SystemFunction036
RegCloseKey
RegQueryValueExW

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertAddCertificateContextToStore
CryptUnprotectData
CertOpenStore
CertDuplicateStore

ws2_32

WSAIoctl
setsockopt
WSAGetLastError
WSASend
WSARecv
recv
shutdown
getsockopt
getpeername
ioctlsocket
bind
WSASocketW
closesocket
WSAGetOverlappedResult
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo

pdh

PdhCloseQuery
PdhLookupPerfNameByIndexW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddCounterW
PdhCollectQueryData
PdhOpenQueryA

psapi

GetModuleFileNameExW
EnumProcessModulesEx
GetPerformanceInfo

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantClear

powrprof

CallNtPowerInformation

netapi32

NetQueryDisplayInformation
NetApiBufferFree
NetUserGetLocalGroups

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

shell32

SHGetKnownFolderPath

bcrypt

BCryptGenRandom

secur32

EncryptMessage
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
QueryContextAttributesW
DeleteSecurityContext
DecryptMessage
AcquireCredentialsHandleA
ApplyControlToken
FreeCredentialsHandle

vcruntime140

__current_exception
memcmp
memset
memmove
strrchr
__CxxFrameHandler3
__current_exception_context
_except_handler4_common
memcpy

api-ms-win-crt-heap-l1-1-0

free
malloc
_msize
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
strcspn
strlen

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
_beginthreadex
_controlfp_s
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_endthreadex
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr
_libm_sse2_log_precise

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 798KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

747f49dcc153709fa2a1661d19e4e4f5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

crypt32

ws2_32

pdh

psapi

ole32

oleaut32

powrprof

netapi32

iphlpapi

shell32

bcrypt

secur32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 798KB - Virtual size: 797KB

.data Size: 22KB - Virtual size: 24KB

.reloc Size: 103KB - Virtual size: 103KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 798KB - Virtual size: 797KB

.data
Size: 22KB - Virtual size: 24KB

.reloc
Size: 103KB - Virtual size: 103KB