imsidev_003_2023-07-08_02_38_26[.]476

Sharing

Copy URL Twitter E-mail

General

Target

imsidev_003_2023-07-08_02_38_26.476
Size

884KB
MD5

a3e7f6578ffb9cc0a70afe6ff72f1823
SHA1

2da7e43912feb47c60a78fb714ea77cbe7ca63fe
SHA256

4d64794ba4d4cad29e2406e674bfdf3e5582523ca97015dc247e834027a976c1
SHA512

8924c93ce2bd8bca1f1040c30168d03c7e34fc0fbcb4c3fa775aa788a5738b897cd8b417e47e6a75be48a586a456921ecd3295dc4f5d1bfb4102f1f7b6c2e2f6
SSDEEP

24576:dpxOXMeMYomnZmxhVBXmCu0dhYEka0LEuYCa8:HdpRxHYL0QVI47

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume2/Users/Public/Music/AdFind.exe

Files

imsidev_003_2023-07-08_02_38_26.476
.zip

Password: Malware123!!
Device/HarddiskVolume2/Users/Public/Music/AdFind.exe
.exe windows x86

Password: Malware123!!

21aa085d54992511b9f115355e468782

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertNameToStrA
CertFreeCertificateContext
CryptDecodeObjectEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

IsValidSecurityDescriptor
ConvertSecurityDescriptorToStringSecurityDescriptorA
LsaLookupSids
LsaFreeMemory
ConvertSidToStringSidA
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorLength
LsaOpenPolicy
GetLengthSid
ConvertStringSidToSidA
GetSecurityDescriptorOwner
LookupAccountSidA
IsValidSid
ConvertStringSidToSidW

wldap32

ord309
ord215
ord139
ord132
ord12
ord216
ord178
ord77
ord141
ord207
ord96
ord146
ord223
ord310
ord41
ord218
ord135
ord311
ord72
ord304
ord191
ord14
ord147
ord166
ord79
ord36
ord330
ord27
ord121
ord13
ord54
ord55
ord205
ord26
ord117
ord119
ord126
ord301
ord93
ord73
ord196
ord300

ws2_32

ntohs

kernel32

SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
ReadFile
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
CreateFileW
DeleteFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
HeapFree
HeapAlloc
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
WriteFile
GetModuleFileNameW
GetConsoleCP
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
GetModuleFileNameA
GetFileAttributesExA
SetConsoleTitleA
GetCurrentProcess
lstrlenW
GetStdHandle
MultiByteToWideChar
Sleep
FormatMessageW
GetTimeZoneInformation
LocalFileTimeToFileTime
GetLastError
GetFileAttributesA
QueryFullProcessImageNameA
FileTimeToSystemTime
GetConsoleTitleA
FileTimeToLocalFileTime
LocalFree
SystemTimeToFileTime
WideCharToMultiByte
CreateProcessA
GetFileType
CreateDirectoryA
GetSystemTime
GetTickCount
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
FreeLibrary
LoadLibraryA
LCMapStringW
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId

ole32

CLSIDFromString
StringFromGUID2

user32

LoadStringA

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Malware123!!

Password: Malware123!!

21aa085d54992511b9f115355e468782

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

version

advapi32

wldap32

ws2_32

kernel32

ole32

user32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 440KB - Virtual size: 439KB

.data Size: 8KB - Virtual size: 1.0MB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 82KB - Virtual size: 81KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 440KB - Virtual size: 439KB

.data
Size: 8KB - Virtual size: 1.0MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 82KB - Virtual size: 81KB