Static task: static1
Behavioral task: behavioral1
  Sample: bfdb29dbc920f90b481cf2abc49cbcfba2068a7bfe3a6fb10428c1bae08770de.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: bfdb29dbc920f90b481cf2abc49cbcfba2068a7bfe3a6fb10428c1bae08770de.exe
  Resource: win10v2004-20230703-en
General
Target: bfdb29dbc920f90b481cf2abc49cbcfba2068a7bfe3a6fb10428c1bae08770de.zip
Size: 164KB
MD5: e275da5cbed414475029597b03fbb210
SHA1: 7a550e527f2bc893fa3f1f077b8d0fdc1854187b
SHA256: da44f14573e5eda79a4fd476267e8afdb66e44772370d4eb473924bf91f68cbd
SHA512: 7f085804f7e9438edb6fdcac3ef763d8be34c96f3aa2be0008bb893c1c7480566732c08f9e641e95a99732d27885a63e221f746d0bf650a46f3150ea54ef7dc9
SSDEEP: 3072:51enMvgDd+lXfFzEW8GhFm9n14T7xJwz5ETRjATGODjHOz2EVC/6yZe9O5kMg7H:4M8sv+HGhc1HKKhnuaH/e9gG7H
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource unpack001/bfdb29dbc920f90b481cf2abc49cbcfba2068a7bfe3a6fb10428c1bae08770de
Files
bfdb29dbc920f90b481cf2abc49cbcfba2068a7bfe3a6fb10428c1bae08770de.zip.zip (Password: infected)
bfdb29dbc920f90b481cf2abc49cbcfba2068a7bfe3a6fb10428c1bae08770de.exe (windows x86) 8e5804e6c31537cee19ea70382b7cc44
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
  GetLocaleInfoA, GetNumberOfConsoleInputEvents, GetNumberOfConsoleMouseButtons, GetLogicalDriveStringsW,
  WaitForSingleObject, InterlockedCompareExchange, AddConsoleAliasW, GetModuleHandleW, GetTickCount,
  GetCurrentThread, GenerateConsoleCtrlEvent, GetConsoleAliasesA, GetConsoleAliasesLengthA, ReadConsoleW,
  GetConsoleAliasExesW, SetCommTimeouts, GetPriorityClass, FindResourceExA, GlobalAlloc, LoadLibraryW,
  FreeConsole, GetCalendarInfoA, GetVersionExW, GlobalFlags, WritePrivateProfileStructW, CreateMutexW,
  GetModuleFileNameW, CreateActCtxA, GetACP, DeactivateActCtx, OpenMutexW, GetLastError,
  GetCurrentDirectoryW, ReadConsoleOutputCharacterA, GetProcAddress, VirtualAlloc, LocalLock, LoadLibraryA,
  WriteConsoleA, GetNumberFormatW, GetCurrentConsoleFont, FindAtomA, GetModuleFileNameA,
  FindFirstVolumeMountPointA, OpenFileMappingW, RequestWakeupLatency, VirtualProtect, WaitForDebugEvent,
  CommConfigDialogW, CreateFileA, CloseHandle, CreateTimerQueue, FindNextVolumeW, GetDateFormatW,
  WriteConsoleW, HeapAlloc, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, TerminateProcess,
  GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree,
  DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualFree, HeapReAlloc, HeapCreate,
  Sleep, ExitProcess, WriteFile, GetStdHandle, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree,
  InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapSize, SetHandleCount,
  GetFileType, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte,
  GetEnvironmentStringsW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime,
  InitializeCriticalSectionAndSpinCount, GetCPInfo, GetOEMCP, IsValidCodePage, SetFilePointer, GetConsoleCP,
  GetConsoleMode, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW,
  FlushFileBuffers, SetStdHandle, GetConsoleOutputCP
user32:
  CharUpperBuffW, LoadMenuW, GetCaretPos
advapi32:
  MapGenericMask, ReportEventA
winhttp:
  WinHttpCheckPlatform
Sections
.text   Size: 153KB - Virtual size: 153KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.data   Size: 14KB - Virtual size: 2.7MB   (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc   Size: 56KB - Virtual size: 56KB    (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc  Size: 13KB - Virtual size: 12KB    (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)