DSIscreensaver[.]scr[.]7z | Triage

Sharing

General

Target

DSIscreensaver.scr.7z
Size

298KB
MD5

416c62f05a1ff0c46954b61cb550d8b5
SHA1

0399224c647771e9814aa6359854ccd44080095b
SHA256

3266831413468f4807c092eb18377e084af3920ac9db90b26ce1c3634a8d280d
SHA512

c7293cb976c3a7037d546772de7a7ac7d9b96cf7c262abcf8f121eb68dafd5a5dd4c9cbbc18c2fc4a7e63ee412968d3d31459af35994b8e1ec285fdfecbbd9da
SSDEEP

6144:JaeEY4uSQuI0pe165AnnUeNaT9MXVH2M/SOvEqQPOb5oR/h80Pd:Jaef4uII1tUeNaTWH2M/SXqQPqSRiA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DSIscreensaver.scr

Files

DSIscreensaver.scr.7z
.7z

Password: infected
DSIscreensaver.scr
.exe windows x86

Password: infected

94a6375a9cbd3f524392d8f7f2ef7832

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

winspool.drv

OpenPrinterA

shell32

ShellExecuteExA

urlmon

CoInternetCreateZoneManager

winmm

timeGetTime

hhctrl.ocx

HtmlHelpA

Sections

pec1
Size: 282KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE