Static task: static1
Behavioral task: behavioral1
Sample: CS_def.exe
Resource: win10v2004-20230703-en
General
Target: 81757f42d54233422ccbdd8719a2b80b603fe4b1a52853bf662c72215e17530b.zip
Size: 16KB
MD5: 5a8d9e5bf30d9665debbc39c9f2e7f26
SHA1: fb7faf3ca52451f5905be7c0900f10f52d2eff44
SHA256: dc14cb3f3de8e5c7dba02bff20e2256771bedbc6a53d09140e406b1d77eafcea
SHA512: 31c77056f41f3e9d3c38d7ac135aa8acfb024b30251d5a51fc964f1efb33f410a49440132c4fc67af970c10af6701fef63e7acd2c7dd4681e7304613eccc9269
SSDEEP: 384:6OZhkoxwfObQ+OntJMNMzGy+JO0sfUQAiAtvjeiwUTUrcRacH:6OZOkugOqJiUQAJvCffcX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/CS_def.exe
Files
81757f42d54233422ccbdd8719a2b80b603fe4b1a52853bf662c72215e17530b.zip.zip
Password: infected
CS_def.exe.exe windows x86
52660fd194e67522fe7b3e977921edba
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
ntohs
WSACleanup
gethostbyname
WSAGetLastError
ioctlsocket
send
WSAStartup
closesocket
socket
htons
connect
advapi32
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
user32
SetWindowLongA
IsDlgButtonChecked
InvalidateRect
wsprintfA
MessageBoxA
DialogBoxParamA
GetSysColor
SetWindowPos
SendMessageA
SetFocus
GetSysColorBrush
SendDlgItemMessageA
EndDialog
GetDC
ReleaseDC
GetDlgItem
EnableWindow
GetWindowLongA
ole32
OleUninitialize
OleInitialize
CoCreateGuid
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
gdi32
SelectPalette
CreatePalette
CreateDIBitmap
RealizePalette
SetBkColor
SetTextColor
wininet
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
kernel32
GetProcessHeap
WriteFile
ExitProcess
CopyFileA
Sleep
GetCommandLineA
GetModuleHandleA
GetStartupInfoA
GetSystemTimeAsFileTime
CreateFileA
LockResource
CreateDirectoryA
lstrlenA
HeapAlloc
lstrcpynA
lstrcmpA
HeapFree
GetTickCount
GlobalAlloc
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetExitCodeProcess
WaitForSingleObject
CloseHandle
GetLastError
FindResourceA
LoadResource
GetTempPathA
FreeResource
GlobalLock
lstrcpyA
CreateThread
lstrcatA
GetFileAttributesA
CreateProcessA
GetModuleFileNameA
GlobalUnlock
lstrcmpiA
ReadFile
SetFilePointer
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ