11593555145[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

11593555145.zip
Size

313KB
MD5

9b4ccfb74e6790aff60a4b89881643bb
SHA1

887c22c76806f527254682a61e49e9aa54d8f851
SHA256

699b3c92e530397178ab47c4a44e5584dabb98297ebf9f5278ac78a4ffa90731
SHA512

8d3fcfbaf703d46f817e3a417ea691ae24886a41c26441ccedb47eb364128d509424a46457b9b332abe9abd84e0d56409e49325a91a19be54597657d67f65b12
SSDEEP

6144:CY70amDTxZ4sGhJV4Ji8/iAnkJ69pO085weRFE/I4sCdRE6viQVkpnFTN:HsGhb4Q0iAnkJKpO15weDEgrw9vi+Knv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1e49eb6c50a7292ba234fb58d2f7ea8526276fa19b6d2091c0ce6375447e2a32

Files

11593555145.zip
.zip

Password: infected
1e49eb6c50a7292ba234fb58d2f7ea8526276fa19b6d2091c0ce6375447e2a32
.dll windows x86

Password: infected

f6f50e027a4c4acd49d92eaf66f7a1de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscms

GetStandardColorSpaceProfileW

gdi32

GetPixelFormat
FillPath
GetStockObject
GetMetaFileA
GetTextColor
GetPolyFillMode
GetTextExtentExPointI
GetTextExtentExPointW
GetCharacterPlacementW
GetFontUnicodeRanges
GdiSetBatchLimit
GetPath
GetDIBColorTable
DeleteColorSpace

secur32

DecryptMessage
FreeContextBuffer

wininet

GetUrlCacheEntryInfoExA

kernel32

GetConsoleTitleA
GetCurrentDirectoryA
EnumSystemLocalesW
EnumSystemGeoID
GetProfileStringW
GetVolumePathNamesForVolumeNameW
DefineDosDeviceA
WriteProfileStringW
EnumTimeFormatsA
GetTapeStatus
DeleteTimerQueueTimer
GetSystemTime
VirtualQueryEx
GetUserDefaultLangID
VirtualFree
GetTapePosition
GetStringTypeW
FindFirstFileW
GlobalLock
FindResourceExA
GetComputerNameW
EnumResourceNamesW
GetTimeFormatA
GetSystemTimeAsFileTime
GetConsoleMode
lstrlenA
GetExitCodeProcess
IsValidCodePage
GetSystemDefaultLangID
GetCurrentThreadId
GetModuleFileNameW
GetBinaryTypeW
ExitThread
lstrcmpiW
VirtualFreeEx
VirtualProtectEx
GetTempPathA
GetSystemPowerStatus
GetFileAttributesExW

ws2_32

shutdown

winspool.drv

DeletePrinter
FindFirstPrinterChangeNotification

msvcrt

memset
_time64
strtol
strtoul
fputws
strcspn
strspn
tolower
strcmp

comdlg32

GetSaveFileNameA
GetSaveFileNameW

user32

DrawIcon
FindWindowW
GetKeyNameTextW
InsertMenuA
FlashWindow
LoadKeyboardLayoutA
LoadIconA
GetUserObjectInformationW
GetWindowInfo
GetClipboardSequenceNumber
ModifyMenuA
GetUpdateRect
GetClassInfoA
GetClassInfoExA
GetWindowRect
GetWindowTextW
GetMenuStringW
GetProcessDefaultLayout
GetPropW
DefMDIChildProcW
DefWindowProcA
LoadMenuW
LoadCursorW
EnumWindowStationsW
GetWindowTextA

oleaut32

GetErrorInfo

version

GetFileVersionInfoSizeA

advapi32

IsValidAcl
GetServiceDisplayNameW
RegOpenKeyA
GetOldestEventLogRecord
GetFileSecurityW
LookupPrivilegeNameW
GetServiceKeyNameA
GetSidIdentifierAuthority
LookupAccountSidW
GetLengthSid

shell32

ExtractAssociatedIconExW
ExtractAssociatedIconA

powrprof

IsPwrHibernateAllowed

urlmon

IsValidURL

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f6f50e027a4c4acd49d92eaf66f7a1de

Headers

DLL Characteristics

File Characteristics

Imports

mscms

gdi32

secur32

wininet

kernel32

ws2_32

winspool.drv

msvcrt

comdlg32

user32

oleaut32

version

advapi32

shell32

powrprof

urlmon

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 264KB - Virtual size: 260KB

.data Size: 16KB - Virtual size: 23KB

.idata Size: 8KB - Virtual size: 5KB

.erloc Size: 108KB - Virtual size: 107KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 264KB - Virtual size: 260KB

.data
Size: 16KB - Virtual size: 23KB

.idata
Size: 8KB - Virtual size: 5KB

.erloc
Size: 108KB - Virtual size: 107KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB