045e794a7b1afe49c7b24a71592992199312a018debb1ad2c8119404cd1fc934

Sharing

Copy URL Twitter E-mail

General

Target

045e794a7b1afe49c7b24a71592992199312a018debb1ad2c8119404cd1fc934
Size

121KB
MD5

05299572722f6c599a9f2460b2c6f8fe
SHA1

17fd7f79f3944157acb151800067a30caa034b99
SHA256

045e794a7b1afe49c7b24a71592992199312a018debb1ad2c8119404cd1fc934
SHA512

12d87f554c4b6ad296ae385a3f5c4b91ebf3cfb3664ddd50dcdbf68cf1e6c8da7d85b340b76b3bf0044bae90473f0ada0ded86fc67aa8293965e2aeb6fe09951
SSDEEP

3072:jGHpJhbRYRaiZIDa/i674dJ6A8u/lWFF/fCj:jGHPhORDIDdxdJ6UlUFi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zip.exe

Files

045e794a7b1afe49c7b24a71592992199312a018debb1ad2c8119404cd1fc934
.zip
zip.exe
.exe windows x86

c3cbc2223d9d7ceff6ef52721d311da8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetSecurityDescriptorLength
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetKernelObjectSecurity

kernel32

GetVolumeInformationA
GetFileAttributesA
FindClose
FindFirstFileA
GetVersion
GetFileType
CloseHandle
GetFileTime
CreateFileA
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
FindNextFileA
GetLastError
lstrcpynA
GetDriveTypeA
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
ExitProcess
TerminateProcess
SetConsoleCtrlHandler
MultiByteToWideChar
GetTimeZoneInformation
GetSystemTime
GetLocalTime
MoveFileA
SetStdHandle
HeapReAlloc
GetCommandLineA
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetStartupInfoA
FlushFileBuffers
WriteFile
UnhandledExceptionFilter
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
WideCharToMultiByte
SetEndOfFile
GetStringTypeA
GetStringTypeW
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
CompareStringA
CompareStringW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetProcAddress
LoadLibraryA
GetLocaleInfoW
LCMapStringA
LCMapStringW
DeleteFileA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileInformationByHandle
PeekNamedPipe
RemoveDirectoryA
GetCurrentDirectoryA
GetCurrentProcessId
GetExitCodeProcess
CreateProcessA

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3cbc2223d9d7ceff6ef52721d311da8

Headers

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 323KB

.tc Size: 248KB - Virtual size: 248KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 323KB

.tc
Size: 248KB - Virtual size: 248KB

.rmnet
Size: 60KB - Virtual size: 60KB