9_TMCw[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9_TMCw.zip
Size

468KB
MD5

db47fc941244375df0957c6b61e432fc
SHA1

854df19dc75492cc670a5da1d107f1051b7a5cb4
SHA256

2c5d4f94032024f4d892d367a48aaf054648d45847fbd1f66ff1746f8bdee065
SHA512

c1d18487205cece6a910e3d6305d5dbb7d5c9203998269464e768740dd9ed26f0258660308734c58a2301677c48b5040fab9f206b04361b5e31147595f4a0bcb
SSDEEP

6144:KUD1pVkpL/82uALtIYIQpApWY7QRMwsb6ZnNcaSxvjQzdr4N+LwJzVWVumXQbuC8:KyqIGhHlMwsOs0zdr4YwzV10ew598sH

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9_TMCw/Jzsmc6.exe
unpack001/9_TMCw/UniAnsi.dll

Files

9_TMCw.zip
.zip

Password: infected
9_TMCw/Jzsmc6.exe
.exe windows x86

3e88f0e8ccd8d511ea7eed8b6ec9e643

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

uniansi

FormatMessageW
GetModuleFileNameW
lstrcpyW
LoadStringW

kernel32

GetUserDefaultLangID
GetModuleHandleA
GetStartupInfoA
MultiByteToWideChar
lstrlenA
lstrcmpA

user32

MessageBoxW

ole32

CoInitialize
CLSIDFromProgID
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_exit
_acmdln
_XcptFilter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9_TMCw/UniAnsi.dll
.dll windows x86

614847ef6b4fc245dc60bf8b061ec910

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
Sleep
GetShortPathNameW
FreeLibrary
GetProcAddress
LoadLibraryW
WaitForSingleObject
CreateProcessW
CreateDirectoryW
CreateThread
ExitProcess
SetLastError
VirtualProtect
IsBadReadPtr
VirtualAlloc
VirtualFree
LoadLibraryA
HeapFree
GetProcessHeap
HeapAlloc
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetFileAttributesA
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
HeapDestroy
HeapCreate
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
GetACP
GetOEMCP
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetLocaleInfoW
CreateFileW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

wsprintfW
MessageBoxW

Exports

Exports

CallWindowProcW
CharLowerW
CharNextW
CharUpperW
ChooseFontW
CompareStringW
ConvertMessage
CreateAcceleratorTableW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateMutexW
CreateWindowExW
CreateWindowW
DefWindowProcW
DeleteFileW
DialogBoxParamW
DialogBoxW
DispatchMessageW
DrawTextExW
DrawTextW
EnumFontFamiliesW
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindWindowW
FormatMessageW
GUgd
GetClassInfoExW
GetClassInfoW
GetClassNameW
GetCurrentDirectoryW
GetDateFormatW
GetDlgItemTextW
GetLocaleInfoW
GetMessageW
GetModuleFileNameW
GetModuleHandleW
GetObjectW
GetPrivateProfileStringW
GetProfileStringW
GetPropW
GetShortPathNameW
GetStringTypeExW
GetTempFileNameW
GetTempPathW
GetTextFaceW
GetTextMetricsW
GetVersionExW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
InitUniAnsi
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsDialogMessageW
LoadAcceleratorsW
LoadBitmapW
LoadCursorW
LoadIconW
LoadImageW
LoadLibraryExW
LoadLibraryW
LoadMenuW
LoadStringW
OutputDebugStringW
PeekMessageW
PlaySoundW
PostMessageW
PostThreadMessageW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegisterClassExW
RegisterClassW
RegisterWindowMessageW
RemovePropW
SendDlgItemMessageW
SendMessageW
SetCurrentDirectoryW
SetDlgItemTextW
SetMenuItemInfoW
SetPropW
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
ShellExecuteW
SystemParametersInfoW
TranslateAcceleratorW
UpdateUnicodeAPI
WriteConsoleW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
wsprintfW
wvsprintfW

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9_TMCw/info.txt
9_TMCw/out.gin

Sharing

General

Malware Config

Signatures

Files

Password: infected

3e88f0e8ccd8d511ea7eed8b6ec9e643

Headers

File Characteristics

Imports

uniansi

kernel32

user32

ole32

oleaut32

msvcrt

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 26KB - Virtual size: 25KB

614847ef6b4fc245dc60bf8b061ec910

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 160KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 26KB - Virtual size: 25KB

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 12KB - Virtual size: 10KB