Static task
static1
Behavioral task
behavioral1
Sample
1e278e78a4261ebd65d2fc9b2d477bb8c19e15a22aea669947b531859cd12216.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
1e278e78a4261ebd65d2fc9b2d477bb8c19e15a22aea669947b531859cd12216.exe
Resource
win10v2004-20230703-en
General
Target: 1e278e78a4261ebd65d2fc9b2d477bb8c19e15a22aea669947b531859cd12216.zip
Size: 44KB
MD5: 9d316c7d49c7037d23f0b6df578e7af3
SHA1: 43f39e758104ac0e41b4f854672ae53d76cb2ba1
SHA256: e6b2754a53da50b7da08b36a2aff7890689ea7614d5d556bb9e075d40a3cab19
SHA512: 46a8ce74006519e52d60886582d9a52e419cfd3095134b5c42ad236e302e24ea5ab4dcd4b4886a0dd1467ef28a5ae0dc972a21021370d4bb60a302cc2d300780
SSDEEP: 768:oK3l5gdfWoWcGJQmL69ni1vmYuu8B0kcnmyJNR5GxWVtR3e3jOndamicJ9dvLQ3D:58eoWcGJQmL6JkvmE8B0kcnmyjziWTR2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/1e278e78a4261ebd65d2fc9b2d477bb8c19e15a22aea669947b531859cd12216
Files
1e278e78a4261ebd65d2fc9b2d477bb8c19e15a22aea669947b531859cd12216.zip.zip
Password: threatbook
1e278e78a4261ebd65d2fc9b2d477bb8c19e15a22aea669947b531859cd12216.exe windows x86
Password: threatbook
e91249385e250f495a3a37a24b428802
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
CloseHandle
LocalFree
GetModuleFileNameW
GetVersionExW
GetCommandLineW
WaitForSingleObject
DeleteCriticalSection
CreateEventW
GetStringTypeW
ExitProcess
HeapDestroy
LoadLibraryA
GetProcAddress
GetCurrentThread
VirtualAlloc
GetEnvironmentStrings
MultiByteToWideChar
GetVersionExA
GetOEMCP
GetACP
RtlUnwind
GetStartupInfoW
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
HeapFree
WriteFile
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
InitializeCriticalSection
FatalAppExitA
HeapReAlloc
SetConsoleCtrlHandler
GetStringTypeA
Sleep
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
advapi32
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExW
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
shlwapi
SHCopyKeyW
Sections
.text Size: 60KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE