ClassicShell[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ClassicShell.zip
Size

5.9MB
MD5

b7fd79848168944be8e814cf1906584f
SHA1

458df8a79e4d7655c374a5ed34fb483c3dfbfe7b
SHA256

0a3b36782bb9d5c5928608014274a150aa1e8354ea3e222a27cc16945978b3f0
SHA512

b27bb56db7ac6c52d92adf27eb61b739b49a82521d1699b5c4f5b50c47f0ab00bb81eb916db9bae7cd3981e6bb854b1846efb10d055c976e0a383eec6ad20076
SSDEEP

98304:LQIa48vXx1iTBWgr8mCMHx0M/HH67BEKRc4cxT6ww9B/90QSwgPOQKb8bcoEdeMb:LzaFX7osi1HxfHa7BLRc5T6Bb38/EIEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ClassicShell.exe

Files

ClassicShell.zip
.zip

Password: SubtoPrydev
ClassicShell.exe
.exe windows x86

Password: SubtoPrydev

b32daf0bb9b8128e4ceae88e93d599b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
calloc
free
fwrite
memcpy
signal
vfprintf

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: SubtoPrydev

Password: SubtoPrydev

b32daf0bb9b8128e4ceae88e93d599b4

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 528B

.rdata Size: 512B - Virtual size: 312B

/4 Size: 1024B - Virtual size: 928B

.bss Size: - Virtual size: 96B

.idata Size: 1024B - Virtual size: 944B

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 24B

/29 Size: 3KB - Virtual size: 3KB

/41 Size: 512B - Virtual size: 167B

/55 Size: 512B - Virtual size: 189B

.rsrc Size: 6.8MB - Virtual size: 6.8MB

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 528B

.rdata
Size: 512B - Virtual size: 312B

/4
Size: 1024B - Virtual size: 928B

.bss
Size: - Virtual size: 96B

.idata
Size: 1024B - Virtual size: 944B

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 24B

/29
Size: 3KB - Virtual size: 3KB

/41
Size: 512B - Virtual size: 167B

/55
Size: 512B - Virtual size: 189B

.rsrc
Size: 6.8MB - Virtual size: 6.8MB