115dac82ec01d9317171d4066ebf3bbcb532e9bbcdf9714d6d59dab0d73ec5a9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

115dac82ec01d9317171d4066ebf3bbcb532e9bbcdf9714d6d59dab0d73ec5a9.zip
Size

1.8MB
MD5

6663f09ba58f09165f272a8e6a35594b
SHA1

6a3215c9db165bf45af024aea16a7d61f3c95af8
SHA256

4af263b282ff82e15ccffc37adb61157e378b88acee48d8aea812bdeed7dacf6
SHA512

c4c4c2a0584b5f76fbf277cbd70b4b76126487f1c63fa3ccbec8e5ee9e4ea7bc6c70faea3b8e41ff01fb2305ec5700ab4db6d6fe9b3ed2ef5356023114256767
SSDEEP

49152:tUnSzRJ4IJ3Hv6SRtkXjkGazBBrZu3zU0MZtPa:unkJ4AdRtkTk39tZ2zxMnPa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/115dac82ec01d9317171d4066ebf3bbcb532e9bbcdf9714d6d59dab0d73ec5a9

Files

115dac82ec01d9317171d4066ebf3bbcb532e9bbcdf9714d6d59dab0d73ec5a9.zip
.zip

Password: infected
115dac82ec01d9317171d4066ebf3bbcb532e9bbcdf9714d6d59dab0d73ec5a9.zip
.zip

Password: infected
115dac82ec01d9317171d4066ebf3bbcb532e9bbcdf9714d6d59dab0d73ec5a9
.exe windows x86

Password: infected

e60e52f10548aad834daf5f25c66dc4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCaptureContext
RtlNtStatusToDosError
NtDeviceIoControlFile
NtQuerySystemInformation
NtCancelIoFileEx

kernel32

DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
SleepConditionVariableSRW
GetSystemTimes
lstrlenW
GetProcessTimes
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
OpenProcess
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
GetSystemInfo
GetFileAttributesW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetProcessIoCounters
GetSystemTimeAsFileTime
GetLogicalDrives
GlobalMemoryStatusEx
GetTickCount64
CreateFileW
GetDiskFreeSpaceExW
GetProcAddress
GetModuleHandleA
Sleep
WriteFile
ReadFile
CancelIoEx
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
GetCurrentProcessId
SetHandleInformation
DuplicateHandle
GetCurrentProcess
UnmapViewOfFile
TlsSetValue
TlsFree
InitOnceComplete
TlsGetValue
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
TlsAlloc
AcquireSRWLockExclusive
CloseHandle
UnhandledExceptionFilter
InitOnceBeginInitialize
AcquireSRWLockShared
ReleaseSRWLockShared
CreateThread
QueryPerformanceFrequency
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
WriteConsoleW
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
WideCharToMultiByte
SetFileInformationByHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
TerminateProcess
WakeAllConditionVariable
WakeConditionVariable
CreateMutexA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CopyFileExW
GetConsoleMode
GetModuleHandleW
ExitProcess

advapi32

RegOpenKeyExW
RegQueryValueExA
SystemFunction036
RegCloseKey
RegQueryValueExW

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateStore
CertCloseStore
CertDuplicateCertificateChain
CertFreeCertificateChain
CertOpenStore
CertFreeCertificateContext
CryptUnprotectData
CertDuplicateCertificateContext

ws2_32

WSAIoctl
setsockopt
WSAGetLastError
WSASend
WSARecv
recv
shutdown
getsockopt
getpeername
ioctlsocket
bind
WSASocketW
closesocket
WSAGetOverlappedResult
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo

ole32

CoTaskMemFree
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear

pdh

PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhAddCounterW
PdhOpenQueryA
PdhCollectQueryData
PdhLookupPerfNameByIndexW

psapi

EnumProcessModulesEx
GetPerformanceInfo
GetModuleFileNameExW

powrprof

CallNtPowerInformation

iphlpapi

FreeMibTable
GetIfTable2
GetIfEntry2

netapi32

NetApiBufferFree
NetQueryDisplayInformation
NetUserGetLocalGroups

shell32

SHGetKnownFolderPath

bcrypt

BCryptGenRandom

secur32

EncryptMessage
AcceptSecurityContext
FreeContextBuffer
InitializeSecurityContextW
FreeCredentialsHandle
AcquireCredentialsHandleA
DecryptMessage
DeleteSecurityContext
ApplyControlToken
QueryContextAttributesW

vcruntime140

_except_handler4_common
memcmp
memset
memmove
strrchr
__CxxFrameHandler3
__current_exception_context
__current_exception
memcpy

api-ms-win-crt-heap-l1-1-0

free
malloc
_msize
_set_new_mode
realloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

strcspn
strncmp
strlen

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_crt_atexit
_controlfp_s
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
exit
_beginthreadex
_endthreadex
terminate
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_exit
_initterm_e

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise
__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 743KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

e60e52f10548aad834daf5f25c66dc4c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

crypt32

ws2_32

ole32

oleaut32

pdh

psapi

powrprof

iphlpapi

netapi32

shell32

bcrypt

secur32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 743KB - Virtual size: 743KB

.data Size: 22KB - Virtual size: 24KB

.reloc Size: 101KB - Virtual size: 101KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 743KB - Virtual size: 743KB

.data
Size: 22KB - Virtual size: 24KB

.reloc
Size: 101KB - Virtual size: 101KB