11597764329[.]zip

Resubmissions

30/08/2023, 23:34

230830-3kdpnsbh48 7

30/08/2023, 16:33

230830-t2mt8sgh44 7

Sharing

Copy URL Twitter E-mail

General

Target

11597764329.zip
Size

352KB
MD5

18cb3e93952c3e5eb7b1fe9bbc88b778
SHA1

86181ed98cc9b537dd33d4969b115bb4ffef1768
SHA256

41c13df5ed8c190366b8c0998b318d64e872c7732a2fc15df30f43de2774c119
SHA512

e2724a2754249d8cb8526de0c5c009dc2590286c4b5510c394b482318949d0c22b72918dca782938cf9ae9e7d7386df15e206169975b3bc90d68cd6a7a7ff863
SSDEEP

6144:fhAaqym8q2Az21FY0d061Od8IVF6oINt920fnAw9X9upOuCu4guS+gjKiWZwY9oT:fPjAiFlW2OCIDu20fnPH5uCuT5jKz5oT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e3cb80a80bb9a11a54de5a4bfa20758f7477609e4f94388009b5de052547d04a

Files

11597764329.zip
.zip

Password: infected
e3cb80a80bb9a11a54de5a4bfa20758f7477609e4f94388009b5de052547d04a
.exe windows x86

Password: infected

32f9554582e1eb0144cc155937508bfe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateIconIndirect
GetSysColor
GetParent
SetPropA
MessageBeep
IsWindowEnabled
IsRectEmpty
PostQuitMessage
CreateWindowExA
GetDesktopWindow
GetClassNameA
GetWindowLongA
IsCharAlphaNumericA

shell32

SHGetDesktopFolder
SHGetSettings

ole32

CoInitializeEx

kernel32

HeapAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CreateFileA
CloseHandle
FlushFileBuffers
HeapSize
GetLocalTime
CopyFileA
GetEnvironmentVariableW
GetCommandLineA
CreateMutexA
ExitProcess
GetLastError
CreateSemaphoreA
SetEvent
CreateEventA
SetCurrentDirectoryA
GetOverlappedResult
GetModuleFileNameA
GetModuleHandleA
LoadLibraryW
MoveFileW
GetThreadTimes
FindFirstFileA
VirtualAlloc
Sleep
OutputDebugStringA
lstrlenW
GetDiskFreeSpaceA
GetVersion
CopyFileW
SetStdHandle
IsBadWritePtr
WriteFile
VirtualFree
RtlUnwind
GetStartupInfoA
RaiseException
TerminateProcess
GetCurrentProcess
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
InitializeCriticalSection
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate

version

GetFileVersionInfoSizeA

mpr

WNetCancelConnectionW
WNetCancelConnectionA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

32f9554582e1eb0144cc155937508bfe

Headers

File Characteristics

Imports

user32

shell32

ole32

kernel32

version

mpr

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 80KB - Virtual size: 591KB

.bss Size: 3KB - Virtual size: 2KB

.rsrc Size: 289KB - Virtual size: 289KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 80KB - Virtual size: 591KB

.bss
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 289KB - Virtual size: 289KB