Static task: static1
Behavioral task: behavioral1
Sample: 0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178.exe
Resource: win10v2004-20230703-en
General
Target: 0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178.zip
Size: 772KB
MD5: ef11828ae9c6c100eb077120fc619fd2
SHA1: 41be91c0acf2340ac9d8de002cbff0d3e0081185
SHA256: 65d029c81de68b2db56238ef3016dc0da5831510c62b0b14f805d89c2da3aaa8
SHA512: 1d71e3eb07525fa80901a09332a5ea49c1fafc2cf96682f5c7b456febda149a683d5bdc442dada6886e6bd4ff58b0c0110d74d1bcd59084a02a2d7c1bc5a981a
SSDEEP: 12288:ht0rlifyrOR1X/b45Xh5A/XdNZg2ioFsCCskw34aeGMrON2mG0a6LwTRSg:0rlJrU1wXhAW2fuCCsF34Q6UsSg
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: unpack001/0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178.exe
Files
0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178.zip.zip (Password: infected)
0060fa563c86399ac56dfc261181beeeafc3a74ded1f88ee248d794fcb14e178.exe.exe, windows x86 (Password: infected)
a65502a70a2dad082aec77e16b79ce8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyW
RegReplaceKeyA
LookupAccountNameA
CryptDestroyKey
GetPrivateObjectSecurity
SetAclInformation
SetSecurityDescriptorOwner
CancelOverlappedAccess
StartServiceA
StartServiceW
BuildExplicitAccessWithNameA
SetFileSecurityA
GetNamedSecurityInfoExA
GetSecurityInfoExW
LookupPrivilegeNameW
AddAccessDeniedAce
RegOpenKeyA
CryptHashData
RegSaveKeyW
SetThreadToken
RegEnumValueA
ImpersonateLoggedOnUser
OpenServiceW
QueryServiceConfigA
CryptReleaseContext
CryptDestroyHash
GetExplicitEntriesFromAclW
CryptDecrypt
BuildSecurityDescriptorA
CryptSetProviderExA
InitializeAcl
CryptVerifySignatureA
LockServiceDatabase
CryptGetDefaultProviderA
GetSecurityDescriptorGroup
SetNamedSecurityInfoA
ObjectPrivilegeAuditAlarmA
RegSetValueExA
GetSecurityDescriptorControl
CryptEncrypt
SetEntriesInAuditListA
ImpersonateNamedPipeClient
LookupPrivilegeDisplayNameW
TrusteeAccessToObjectW
SetServiceObjectSecurity
SetSecurityDescriptorGroup
ObjectOpenAuditAlarmA
CryptDuplicateKey
RegDeleteKeyA
BackupEventLogW
CryptSetProvParam
SetNamedSecurityInfoW
GetAccessPermissionsForObjectW
CryptGetKeyParam
GetNamedSecurityInfoA
GetUserNameA
SetSecurityDescriptorDacl
EnumServicesStatusA
ReportEventW
RegisterServiceCtrlHandlerW
OpenSCManagerW
EnumDependentServicesA
RegCloseKey
RegDeleteValueW
QueryServiceObjectSecurity
EqualSid
CreateServiceW
RegCreateKeyA
DestroyPrivateObjectSecurity
OpenSCManagerA
GetSecurityInfoExA
RegisterServiceCtrlHandlerA
BackupEventLogA
CryptGetHashParam
RegGetKeySecurity
CryptExportKey
ConvertSecurityDescriptorToAccessNamedW
RegCreateKeyW
LookupPrivilegeValueA
RegQueryValueW
BuildImpersonateTrusteeW
IsValidAcl
RegOpenKeyExW
SetNamedSecurityInfoExW
RegQueryMultipleValuesA
CryptDeriveKey
LookupPrivilegeDisplayNameA
IsValidSid
ObjectOpenAuditAlarmW
DeleteService
GetFileSecurityW
CryptGenRandom
GetAclInformation
LogonUserW
GetServiceKeyNameA
CryptCreateHash
AdjustTokenGroups
BuildImpersonateExplicitAccessWithNameA
GetKernelObjectSecurity
TrusteeAccessToObjectA
GetOldestEventLogRecord
AddAce
CryptEnumProvidersW
SetSecurityInfo
RegNotifyChangeKeyValue
SetNamedSecurityInfoExA
ControlService
GetTrusteeTypeW
ReportEventA
ObjectCloseAuditAlarmA
RegDeleteValueA
CryptGetProvParam
OpenServiceA
GetFileSecurityA
RegEnumKeyA
GetOverlappedAccessResults
OpenBackupEventLogW
RegEnumValueW
InitializeSid
ObjectDeleteAuditAlarmA
GetEffectiveRightsFromAclW
GetTrusteeTypeA
PrivilegeCheck
ConvertAccessToSecurityDescriptorA
kernel32
SetEndOfFile
SetCommMask
CreateToolhelp32Snapshot
SetWaitableTimer
WaitNamedPipeW
GetStartupInfoA
CreateDirectoryExA
FillConsoleOutputAttribute
BuildCommDCBA
DuplicateHandle
EndUpdateResourceA
GetProcessShutdownParameters
FindNextFileA
OpenEventW
GetProcessWorkingSetSize
ReadConsoleW
WriteConsoleOutputW
WriteConsoleOutputCharacterW
DeleteFileW
VirtualFree
GetCurrencyFormatW
ScrollConsoleScreenBufferA
LoadLibraryExW
GetExitCodeProcess
EnumResourceLanguagesW
FileTimeToLocalFileTime
GetHandleInformation
Thread32Next
TerminateProcess
ExitProcess
SizeofResource
GetProcessVersion
GetProfileStringA
MoveFileExW
SetEnvironmentVariableW
PeekConsoleInputW
FormatMessageW
IsValidLocale
OpenFileMappingW
ReadProcessMemory
GetNumberOfConsoleInputEvents
GetACP
ReadFileEx
EnumResourceNamesA
GetShortPathNameW
SetVolumeLabelA
GetNumberOfConsoleMouseButtons
FindFirstFileW
GetUserDefaultLangID
GetQueuedCompletionStatus
CompareStringW
UpdateResourceW
ReadFileScatter
CallNamedPipeA
FillConsoleOutputCharacterW
CreateThread
lstrcpynW
SetLocaleInfoW
WritePrivateProfileStructA
TerminateThread
ClearCommBreak
VirtualProtect
OutputDebugStringA
SetThreadContext
EnumCalendarInfoExA
GetLocalTime
SetConsoleCP
GetLocaleInfoA
GetThreadContext
RequestWakeupLatency
SystemTimeToFileTime
IsBadHugeWritePtr
Heap32First
CreateFiber
GlobalWire
RaiseException
DosDateTimeToFileTime
SwitchToFiber
FindFirstFileExA
SetVolumeLabelW
SetHandleInformation
GetModuleFileNameA
GetDevicePowerState
GetThreadLocale
SearchPathW
EnumDateFormatsExW
CreateMutexA
CommConfigDialogA
CreateProcessW
GetComputerNameW
DeleteFileA
GetPrivateProfileSectionA
GetPrivateProfileIntW
GetUserDefaultLCID
TlsSetValue
GetTempPathW
RemoveDirectoryW
CancelWaitableTimer
LoadLibraryExA
CancelDeviceWakeupRequest
HeapFree
DisconnectNamedPipe
FindNextChangeNotification
SetConsoleMode
FreeEnvironmentStringsA
MulDiv
GetFileType
GetProfileIntA
IsBadWritePtr
VirtualAlloc
SetProcessWorkingSetSize
SetConsoleScreenBufferSize
GetLargestConsoleWindowSize
HeapDestroy
EraseTape
SetCalendarInfoA
GetProcessAffinityMask
CreateEventW
Process32First
DebugBreak
LCMapStringA
GetSystemInfo
GetOEMCP
GetProcessPriorityBoost
GetVolumeInformationW
ole32
OleCreateLinkFromData
CreateObjrefMoniker
StgCreateDocfileOnILockBytes
OleIsRunning
OleRun
OleCreateFromDataEx
GetHGlobalFromILockBytes
UtGetDvtd16Info
CoCreateInstanceEx
CoSuspendClassObjects
CoQueryClientBlanket
OleSetAutoConvert
CoTaskMemRealloc
WriteClassStm
OleLockRunning
OleCreateMenuDescriptor
CoGetCurrentProcess
CoGetInstanceFromFile
CoImpersonateClient
DllDebugObjectRPCHook
MkParseDisplayName
CoCopyProxy
CreateClassMoniker
SetDocumentBitStg
SetConvertStg
ReleaseStgMedium
GetRunningObjectTable
UpdateDCOMSettings
OleLoad
CreateFileMoniker
OleConvertIStorageToOLESTREAMEx
ReadClassStm
StringFromIID
CoQueryProxyBlanket
PropVariantClear
CoLoadLibrary
StgCreateDocfile
OleDuplicateData
CoReleaseMarshalData
IsEqualGUID
OleCreateLink
OleQueryCreateFromData
DoDragDrop
CoIsHandlerConnected
EnableHookObject
OleRegGetMiscStatus
CreatePointerMoniker
CoMarshalInterThreadInterfaceInStream
CoRegisterPSClsid
CreateAntiMoniker
OleCreateEx
CoMarshalHresult
OleGetIconOfClass
CoInitializeEx
OleCreateLinkFromDataEx
CoQueryAuthenticationServices
IIDFromString
OleCreateLinkToFile
CoGetInterfaceAndReleaseStream
StgOpenStorageOnILockBytes
ReadClassStg
CoRevertToSelf
CreateOleAdviseHolder
GetHookInterface
CoCreateInstance
StgOpenStorageEx
CoDosDateTimeToFileTime
GetHGlobalFromStream
OleCreate
UtConvertDvtd16toDvtd32
WriteStringStream
OleRegGetUserType
CreateDataCache
OleNoteObjectVisible
CoGetInstanceFromIStorage
WriteOleStg
OleConvertOLESTREAMToIStorageEx
StgOpenStorage
CoUnmarshalInterface
CoGetCurrentLogicalThreadId
OleGetClipboard
MonikerCommonPrefixWith
OleCreateFromFileEx
CoBuildVersion
ProgIDFromCLSID
UtGetDvtd32Info
CoRevokeClassObject
CreateDataAdviseHolder
CoFileTimeToDosDateTime
CoReleaseServerProcess
CLSIDFromString
CreateStreamOnHGlobal
OleGetAutoConvert
CoTaskMemFree
CoGetMalloc
PropVariantCopy
WriteFmtUserTypeStg
CoCreateGuid
user32
TrackPopupMenu
GetMenuItemID
ToUnicodeEx
CallWindowProcW
MapVirtualKeyA
IsWindowVisible
SetScrollInfo
DdeCmpStringHandles
SetWindowsHookW
SetShellWindow
GetTabbedTextExtentW
SetWindowLongW
CloseDesktop
DrawFocusRect
FindWindowW
SetSysColors
SubtractRect
GetMonitorInfoW
SetWindowsHookA
PaintDesktop
SendMessageCallbackW
CreateAcceleratorTableW
MenuItemFromPoint
DdeFreeStringHandle
GetInputDesktop
GetMenuDefaultItem
GetMenu
DialogBoxIndirectParamW
BroadcastSystemMessage
SetMessageQueue
GetScrollRange
OpenIcon
DlgDirListComboBoxA
RemoveMenu
CloseWindow
GetMessagePos
GetWindowTextA
GetWindowRect
ChangeDisplaySettingsExA
CreateWindowExA
CreateWindowExW
GrayStringA
GetMessageTime
ChangeMenuW
IntersectRect
PostThreadMessageA
GetClientRect
DispatchMessageW
FlashWindow
LoadMenuW
SetMessageExtraInfo
CascadeWindows
EnumDesktopWindows
ReleaseDC
SetWinEventHook
GetDlgItemTextA
GetWindowTextW
DdeImpersonateClient
MapDialogRect
GetMenuInfo
NotifyWinEvent
DlgDirSelectExW
CopyImage
SwitchDesktop
ChangeDisplaySettingsExW
RegisterWindowMessageA
UnregisterClassW
BringWindowToTop
EndDeferWindowPos
GetDoubleClickTime
LoadMenuIndirectW
LoadImageW
GetTopWindow
SetWindowRgn
GetUserObjectInformationW
LoadKeyboardLayoutW
OemToCharW
LoadBitmapA
IsCharLowerW
UnloadKeyboardLayout
DragDetect
GetKeyboardLayoutNameA
ChangeDisplaySettingsW
SendNotifyMessageA
GetPropW
MessageBoxW
CreateIconFromResource
TabbedTextOutW
SetUserObjectInformationW
EnableWindow
EnableScrollBar
EnumThreadWindows
SetProcessDefaultLayout
GetDlgItem
SendDlgItemMessageW
IsZoomed
EnableMenuItem
WINNLSGetEnableStatus
GetMenuStringA
ShowCaret
RegisterClassExA
LoadAcceleratorsA
SetDlgItemInt
CascadeChildWindows
CallMsgFilterW
SetPropW
CheckMenuRadioItem
GetIconInfo
GetDC
GetMenuCheckMarkDimensions
DragObject
IsMenu
GetWindowTextLengthA
UnregisterDeviceNotification
IsCharAlphaW
SendInput
GetFocus
EnumClipboardFormats
BeginPaint
LoadCursorA
LoadCursorFromFileA
DefWindowProcA
CopyAcceleratorTableW
DdeQueryStringW
CharToOemBuffW
GetDlgCtrlID
FindWindowExA
shlwapi
IntlStrEqWorkerW
PathStripToRootA
SHDeleteKeyW
SHOpenRegStreamA
PathUnmakeSystemFolderW
UrlCompareA
SHGetInverseCMAP
UrlHashA
SHSetThreadRef
PathIsRootA
UrlEscapeA
PathIsUNCW
PathMatchSpecA
PathMatchSpecW
SHRegSetUSValueW
PathFindNextComponentA
PathIsSystemFolderA
UrlUnescapeA
UrlIsA
StrCSpnW
SHSetValueA
PathIsFileSpecA
UrlCanonicalizeA
ColorRGBToHLS
wvnsprintfA
SHCreateShellPalette
wnsprintfW
PathMakeSystemFolderA
SHRegQueryUSValueW
UrlIsOpaqueA
PathIsUNCServerShareA
PathIsUNCServerShareW
PathUndecorateA
PathFindOnPathA
PathRemoveBackslashW
ChrCmpIA
ChrCmpIW
StrCmpNIW
SHQueryInfoKeyW
PathIsFileSpecW
SHGetThreadRef
StrNCatW
PathIsRelativeW
UrlUnescapeW
SHCopyKeyW
StrRChrA
PathIsUNCServerW
PathSkipRootA
PathCompactPathA
SHRegCreateUSKeyA
PathRemoveArgsA
UrlCreateFromPathW
StrTrimA
PathStripPathW
PathGetDriveNumberW
SHDeleteValueA
SHOpenRegStream2A
AssocQueryStringByKeyA
StrCmpW
StrCatBuffA
StrStrW
PathFindNextComponentW
PathSearchAndQualifyA
PathCommonPrefixW
StrFromTimeIntervalA
PathAppendA
StrRetToStrW
SHOpenRegStream2W
GetMenuPosFromID
PathIsPrefixW
PathFindOnPathW
PathRemoveBackslashA
SHCreateStreamOnFileA
UrlIsOpaqueW
UrlCanonicalizeW
SHRegDuplicateHKey
PathUnquoteSpacesW
PathRelativePathToW
PathFindExtensionA
SHQueryInfoKeyA
PathCanonicalizeW
PathGetCharTypeW
StrCmpNIA
UrlGetLocationA
SHCopyKeyA
PathCombineA
PathFindExtensionW
StrCSpnIA
UrlGetLocationW
PathIsSameRootW
SHRegGetBoolUSValueW
PathParseIconLocationA
PathCompactPathExA
ColorAdjustLuma
PathCompactPathW
UrlIsW
PathMakePrettyW
PathFindFileNameW
SHRegWriteUSValueA
PathParseIconLocationW
SHRegQueryUSValueA
SHRegQueryInfoUSKeyA
PathFileExistsW
UrlIsNoHistoryW
SHRegEnumUSValueW
UrlCombineW
PathIsLFNFileSpecA
AssocQueryStringA
StrChrIA
PathGetDriveNumberA
StrCSpnIW
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE