9defac37d5bfcc914ff7734f6099cca7b7ce507d197e61e3887f9f048fb18021[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

9defac37d5bfcc914ff7734f6099cca7b7ce507d197e61e3887f9f048fb18021.zip
Size

1.8MB
MD5

813a4a8071dc166b221608726f9e216a
SHA1

be22b0d06ba00615ddfcf24f4e0f22d312f9963d
SHA256

02b2374135ab8a468bda6c0aaed3cb42a41a8de23b6aaa0d51ba0484e9a0771f
SHA512

b476b9f8630eeed73607f81b0cb2e44b4eb0f9de53e109bcf97b9e903faeec0ca961c12f665299da68788481d7b56162a5ff1f30a9a1a5e440b76b12f1693a2e
SSDEEP

49152:+s4/CABRESIy2Fo//6yVlI1iNk5J6WylrjQ3ooBKt1i:+s4/9r5Iysi/h+6WW2s4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/9defac37d5bfcc914ff7734f6099cca7b7ce507d197e61e3887f9f048fb18021

Files

9defac37d5bfcc914ff7734f6099cca7b7ce507d197e61e3887f9f048fb18021.zip
.zip

Password: infected
9defac37d5bfcc914ff7734f6099cca7b7ce507d197e61e3887f9f048fb18021.zip
.zip

Password: infected
9defac37d5bfcc914ff7734f6099cca7b7ce507d197e61e3887f9f048fb18021
.exe windows x86

Password: infected

71489fb413934308088b83a64812155f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCaptureContext
RtlNtStatusToDosError
NtQuerySystemInformation
NtDeviceIoControlFile
NtCancelIoFileEx

kernel32

DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
SleepConditionVariableSRW
GetSystemTimes
lstrlenW
GetProcessTimes
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
OpenProcess
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetSystemInfo
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetExitCodeProcess
GetProcessIoCounters
GetSystemTimeAsFileTime
GetDiskFreeSpaceExW
GetLogicalDrives
GlobalMemoryStatusEx
CreateFileW
GetTickCount64
GetProcAddress
Sleep
WriteFile
GetOverlappedResult
ReadFile
CancelIoEx
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
GetTempPathA
GetCurrentProcessId
SetHandleInformation
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
TlsSetValue
TlsGetValue
TlsFree
InitOnceComplete
DuplicateHandle
GetCurrentProcess
TlsAlloc
GetModuleHandleA
CloseHandle
UnhandledExceptionFilter
InitOnceBeginInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
CreateThread
QueryPerformanceFrequency
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
WriteConsoleW
CreateProcessW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
WideCharToMultiByte
GetWindowsDirectoryW
SetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
GetSystemDirectoryW
CreateMutexA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
CreateEventW
CancelIo
GetConsoleMode
GetModuleHandleW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
WaitForMultipleObjects

advapi32

RegOpenKeyExW
RegQueryValueExA
SystemFunction036
RegCloseKey
RegQueryValueExW

crypt32

CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertAddCertificateContextToStore
CryptUnprotectData
CertOpenStore
CertDuplicateStore

ws2_32

WSAIoctl
setsockopt
WSAGetLastError
WSASend
WSARecv
recv
shutdown
getsockopt
getpeername
ioctlsocket
bind
WSASocketW
closesocket
WSAGetOverlappedResult
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo

pdh

PdhCloseQuery
PdhLookupPerfNameByIndexW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddCounterW
PdhCollectQueryData
PdhOpenQueryA

psapi

GetModuleFileNameExW
EnumProcessModulesEx
GetPerformanceInfo

ole32

CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantClear

powrprof

CallNtPowerInformation

netapi32

NetQueryDisplayInformation
NetApiBufferFree
NetUserGetLocalGroups

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

shell32

SHGetKnownFolderPath

bcrypt

BCryptGenRandom

secur32

EncryptMessage
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
QueryContextAttributesW
DeleteSecurityContext
DecryptMessage
AcquireCredentialsHandleA
ApplyControlToken
FreeCredentialsHandle

vcruntime140

__current_exception
memcmp
memset
memmove
strrchr
__CxxFrameHandler3
__current_exception_context
_except_handler4_common
memcpy

api-ms-win-crt-heap-l1-1-0

free
malloc
_msize
realloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strncmp
strcspn
strlen

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
_beginthreadex
_controlfp_s
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_endthreadex
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr
_libm_sse2_log_precise

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 798KB - Virtual size: 797KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

71489fb413934308088b83a64812155f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

crypt32

ws2_32

pdh

psapi

ole32

oleaut32

powrprof

netapi32

iphlpapi

shell32

bcrypt

secur32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 798KB - Virtual size: 797KB

.data Size: 22KB - Virtual size: 24KB

.reloc Size: 103KB - Virtual size: 103KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 798KB - Virtual size: 797KB

.data
Size: 22KB - Virtual size: 24KB

.reloc
Size: 103KB - Virtual size: 103KB