jdAtv0hdAv5LI8roG[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

jdAtv0hdAv5LI8roG.zip
Size

29.7MB
MD5

5f74bf0f5c63388a67bcc8d91aada660
SHA1

487bbcadfb2396ae49d72c27db9a91bb9edcf316
SHA256

d1474d26ad7d9c80b9f501af61d7c661ad20488d557a267a234a42c614fc086a
SHA512

6baca26e945889a9ca547e7621a27bc9f3120860298e78f440e6609d9331055fd94b14bdeca5eaa259d48d45dfb910a12f4e12a1c5d3d7d9482e7fcad7bd4569
SSDEEP

786432:uzd3bfgFdY/ZTcjT7P7RSzH/KoqYniMAbJ12/V//DvAlzmHe3M:u5b0T7DRiHRx2bJ4XbuM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/jdAtv0hdAv5LI8roG.exe

Files

jdAtv0hdAv5LI8roG.zip
.zip

Password: infected
jdAtv0hdAv5LI8roG.exe
.exe windows x86

Password: infected

e3afdeecff0de989abe15166f6173693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

OpenProcessToken
SystemFunction036

bcrypt

BCryptGenRandom

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DeviceIoControl
DuplicateHandle
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
RtlCaptureContext
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WriteConsoleW
WriteFileEx
CreateSemaphoreW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
VirtualProtect
VirtualQuery

ole32

CoCreateGuid

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocStringLen
SysFreeString
SysStringLen

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

msvcrt

__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_commode
_fmode
_fpreset
_initterm
_iob
_onexit
abort
calloc
exit
exp
fprintf
free
frexp
fwrite
log
malloc
memcmp
memcpy
memmove
memset
pow
signal
strlen
strncmp
vfprintf
wcslen

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27.5MB - Virtual size: 27.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 425KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 561KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 724B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e3afdeecff0de989abe15166f6173693

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

ole32

oleaut32

userenv

ws2_32

msvcrt

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.data Size: 27.5MB - Virtual size: 27.5MB

.rdata Size: 425KB - Virtual size: 425KB

.eh_fram Size: 561KB - Virtual size: 561KB

.bss Size: - Virtual size: 724B

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 466KB - Virtual size: 465KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 27.5MB - Virtual size: 27.5MB

.rdata
Size: 425KB - Virtual size: 425KB

.eh_fram
Size: 561KB - Virtual size: 561KB

.bss
Size: - Virtual size: 724B

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 466KB - Virtual size: 465KB