6a70d87899d53aa3f7955cef138fd667609aeb900a1c5f502d831152a3bad8b6[.]zip

General

Target

6a70d87899d53aa3f7955cef138fd667609aeb900a1c5f502d831152a3bad8b6.zip
Size

191KB
MD5

1a58b4957e6a33bf9d67e65229c991da
SHA1

c33330679e13e788d910b7882c7151ce3d05d237
SHA256

5a4a5dfafa24b64ec4605705b11851d2fbf9b1682a0e25c7c8249d08c947e45e
SHA512

36f9e9bf29c38c60fad438eb6743ab3349303671c315ef8b29049abcc134d3134697650d64e9fdf49959777fbbf83c4e8d9a7945792cb4022e33c18c7f4e9535
SSDEEP

3072:xolLzOXuj224AZkZR73w+56biW1o3gU9YVhu6PR/oT6cSyF6lU15gNGZeSeH0qSg:x8bCwClntd3BMuQ5oTjhZeSeUV8cS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6a70d87899d53aa3f7955cef138fd667609aeb900a1c5f502d831152a3bad8b6

Files

6a70d87899d53aa3f7955cef138fd667609aeb900a1c5f502d831152a3bad8b6.zip
.zip

Password: infected
6a70d87899d53aa3f7955cef138fd667609aeb900a1c5f502d831152a3bad8b6
.exe windows x86

Password: infected

f3ca748f76db44ff1430515217457e6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr90

__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
printf
?terminate@@YAXXZ
_access

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f3ca748f76db44ff1430515217457e6d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr90

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 160KB - Virtual size: 160KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 160KB - Virtual size: 160KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 12KB - Virtual size: 12KB