XDR_ResponseApp_CollectFile_RM-20230630-00003_f1fd8337-b6c9-43d2-b921-12f0d95d9fe6_20230630T095928Z[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

XDR_ResponseApp_CollectFile_RM-20230630-00003_f1fd8337-b6c9-43d2-b921-12f0d95d9fe6_20230630T095928Z.7z
Size

21KB
MD5

3137094187d0dad469aac0926d77b0b0
SHA1

fa2aca3ad88f5652bbf114010b7177f448edf4f6
SHA256

4db9e5b3ed7aa8ff612c5a31620bd8f72440744d0d4f8d510a6ee74c7a1f3948
SHA512

30e23cb6dff54e0ca2b11316d3d840b89fec8133624a993a3dba1fdabff5c5ed5e8d8ce7ac38b60b8d270510873f0153684618278dc4ceb09b48fca393cd3243
SSDEEP

384:BVxJfZLz1/dWj3G2OGcAjjBJjLmlUjXFoVPb6THdfHT8sTJ0p7b:BzdZlsj3GURjjze+jFoYT9fHT8sKn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.doc.exe

Files

XDR_ResponseApp_CollectFile_RM-20230630-00003_f1fd8337-b6c9-43d2-b921-12f0d95d9fe6_20230630T095928Z.7z
.zip

Password: 67xt15sd
Setup.doc.exe
.exe windows x86

Password: 67xt15sd

8dcee093c360128f859c7cd3e13a1ac4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerInstallFileA

kernel32

AddAtomA
HeapDestroy
GetModuleHandleA
GetStartupInfoA
HeapCreate
ExitProcess
lstrcpyA
GetCommandLineA
HeapAlloc
HeapFree
LockResource
LoadResource
FindResourceA
FindResourceExA
RemoveDirectoryA
LocalFree
FormatMessageA
InterlockedDecrement
SetEvent
OpenEventA
CopyFileA
GetTempFileNameA
GetTempPathA
WaitForSingleObject
SetFileAttributesA
GetLastError
GetShortPathNameA
GetWindowsDirectoryA
GetFileAttributesA
CreateDirectoryA
SetLastError
lstrlenA
CompareStringA
GetPrivateProfileStringA
GetVersionExA
GlobalLock
GlobalAlloc
GetUserDefaultLangID
GetModuleFileNameA
RtlUnwind
GetAtomNameA
DeleteFileA
Sleep
CloseHandle
lstrlenW
WideCharToMultiByte
GlobalUnlock
GlobalFree
MultiByteToWideChar
GetPrivateProfileIntA
CreateProcessA
CreateFileA
SetErrorMode
CompareStringW

user32

TranslateMessage
PeekMessageA
GetWindowLongA
EndDialog
GetDlgItem
SendMessageA
SetWindowLongA
DispatchMessageA
IsDialogMessageA
CreateDialogIndirectParamA
SetDlgItemTextA
GetDesktopWindow
GetClientRect
GetWindowRect
MoveWindow
CharNextA
CharUpperA
wsprintfA
ReleaseDC
LoadImageA
GetDC
EndPaint
CreateDialogParamA
BeginPaint
DialogBoxIndirectParamA
MessageBoxA
DestroyWindow
CharLowerA

gdi32

DeleteDC
SelectObject
RealizePalette
SelectPalette
UnrealizeObject
CreateCompatibleDC
GetObjectA
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetSystemPaletteEntries
GetDIBColorTable
BitBlt

advapi32

RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA

ole32

CoCreateInstance
CoFreeAllLibraries
CoInitialize
CoUninitialize

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
SafeArrayGetLBound
VariantClear
SafeArrayGetElement
SysAllocString
SafeArrayGetUBound

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 67xt15sd

Password: 67xt15sd

8dcee093c360128f859c7cd3e13a1ac4

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB