Static task: static1
Behavioral task: behavioral1
  Sample: df1bc22e0117e6110467367bd006bb9289462178483408f74feb5a3ae3a6a9d7.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: df1bc22e0117e6110467367bd006bb9289462178483408f74feb5a3ae3a6a9d7.exe
  Resource: win10v2004-20230703-en
General
- Target: unknown_exe_11619880931.zip
- Size: 890KB
- MD5: 5c4bd0613af5d205e648c9f9a5f7c17d
- SHA1: aa05ff2fc05e9731b1e3d77d007bdcee2ef962e7
- SHA256: 5808fdef79001c1588cd0f1edbc40f314de4fdb6cec2ebe16f3357c96457dd23
- SHA512: 8452e048a0ad334f6ffc62608e129201790669906a352028d10658b950a6d793d3b64f13c8b3355ee7844e8538a4f12a3e2f1f3c6e9b99e4aaeba1f7b6a7717d
- SSDEEP: 24576:ABsUomweEf2RR9R8d28KWFfES41UOrNUX+X2Rgg:4sDmw6vC287ES7+NUXnh
Malware Config
Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource unpack001/df1bc22e0117e6110467367bd006bb9289462178483408f74feb5a3ae3a6a9d7
Files
- unknown_exe_11619880931.zip.zip
  Password: infected
- df1bc22e0117e6110467367bd006bb9289462178483408f74feb5a3ae3a6a9d7.exe windows x86
  cc5359f8aea07a6b0d3d6363bdc6b2cf
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
comctl32:
  ord6
  ord17
  ord16
usp10:
  ScriptPlace
  ScriptShape
  ScriptItemize
  ScriptStringAnalyse
  ScriptStringOut
  ScriptStringFree
kernel32:
  GetTickCount
  FormatMessageA
  GetLastError
  LoadLibraryA
  CreateFileA
  ReadFile
  GetFileSize
  InterlockedIncrement
  InterlockedDecrement
  IsBadReadPtr
  GetStringTypeW
  GetStringTypeA
  WriteFile
  GetFileType
  GetStdHandle
  SetHandleCount
  GetEnvironmentStringsW
  CreateThread
  FreeEnvironmentStringsW
  FreeEnvironmentStringsA
  UnhandledExceptionFilter
  SetUnhandledExceptionFilter
  IsBadWritePtr
  VirtualAlloc
  VirtualFree
  HeapCreate
  HeapDestroy
  HeapSize
  GetCurrentProcess
  ExitProcess
  GetVersion
  GetCommandLineA
  GetStartupInfoA
  GetModuleHandleA
  RaiseException
  RtlUnwind
  HeapAlloc
  HeapReAlloc
  HeapFree
  CloseHandle
  WaitForSingleObject
  TerminateProcess
  CreateProcessA
  GetModuleFileNameA
  GetUserDefaultLCID
  WideCharToMultiByte
  MultiByteToWideChar
  GlobalSize
  lstrcpyA
  lstrlenA
  lstrcpynA
  MulDiv
  LCMapStringW
  GlobalAlloc
  GlobalLock
  GlobalUnlock
  GlobalReAlloc
  GlobalFree
  FindResourceA
  LoadResource
  LockResource
  IsBadCodePtr
  GetCPInfo
  GetACP
  GetOEMCP
  GetProcAddress
  LCMapStringA
  GetEnvironmentStrings
user32:
  DispatchMessageA
  PostQuitMessage
  OpenClipboard
  EmptyClipboard
  SetClipboardData
  DestroyWindow
  PtInRect
  SetCapture
  ReleaseCapture
  UpdateWindow
  SetCursor
  TranslateMessage
  KillTimer
  MoveWindow
  DialogBoxParamA
  MessageBoxA
  DrawEdge
  EndDialog
  GetWindowTextA
  FillRect
  GetScrollInfo
  InvalidateRect
  SetScrollInfo
  GetMessageA
  ShowWindow
  LoadBitmapA
  SetTimer
  GetDlgItem
  SetWindowTextA
  SendMessageA
  wsprintfA
  GetFocus
  SetCaretPos
  CreateCaret
  ShowCaret
  DestroyCaret
  SetFocus
  GetAsyncKeyState
  GetKeyState
  CopyRect
  GetDC
  ReleaseDC
  LoadIconA
  LoadCursorA
  RegisterClassA
  CreateWindowExA
  GetWindowLongA
  SetWindowLongA
  GetClientRect
  BeginPaint
  EndPaint
  DefWindowProcA
  SetScrollPos
  CloseClipboard
gdi32:
  GetStockObject
  SetTextAlign
  SetBkMode
  DeleteObject
  CreateFontIndirectA
  SelectPalette
  SetBkColor
  CreateCompatibleBitmap
  CreateSolidBrush
  CreatePatternBrush
  CreateDIBitmap
  CreatePalette
  CreateBitmap
  PatBlt
  RealizePalette
  DeleteDC
  BitBlt
  GetObjectA
  SelectObject
  CreateCompatibleDC
  GetDeviceCaps
  GetDIBits
advapi32:
  RegQueryValueExA
  RegOpenKeyExA
  RegSetValueExA
  RegCreateKeyExA
  RegCloseKey
ole32:
  CLSIDFromProgID
  CoInitialize
  CoCreateInstance
oleaut32:
  VariantInit
  SysAllocString
  SysFreeString
  GetActiveObject
Sections
.text - Size: 52KB - Virtual size: 49KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rdata - Size: 8KB - Virtual size: 5KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.data - Size: 4KB - Virtual size: 762KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc - Size: 2.7MB - Virtual size: 2.8MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE