dd0a02f034cbec88e31811e687b77acfa226e7acd24e59c4c8c557936fe0677c

Sharing

Copy URL Twitter E-mail

General

Target

dd0a02f034cbec88e31811e687b77acfa226e7acd24e59c4c8c557936fe0677c
Size

3.4MB
MD5

f1c36e4492e084db6d8f20aacf436521
SHA1

e9bc70c6895761841d3bad7017f2cfba52c4339f
SHA256

dd0a02f034cbec88e31811e687b77acfa226e7acd24e59c4c8c557936fe0677c
SHA512

0c6e3c2c8e0ac8b50dd4973410dc40f6982e70b8286b587e5ccc7cca3dc82735ba741caff6f1a5aab7ebbac277b14a584459537b53a1831e891b3528760d03c4
SSDEEP

98304:t2xVLirUfwop4rjWx2FuffNYEwwuB2u2muSpAJvSeNAofR:tGVLiroGrtFuBrlJmLpA5NpfR

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bmp/a.exe
unpack001/bmp/whodunit.exe
unpack001/jpg/a.exe

Files

dd0a02f034cbec88e31811e687b77acfa226e7acd24e59c4c8c557936fe0677c
.zip
bmp/.idea/.gitignore
bmp/.idea/bmp.iml
.xml
bmp/.idea/misc.xml
.xml
bmp/.idea/modules.xml
.xml
bmp/.idea/workspace.xml
.xml
bmp/a.exe
.exe windows x86

2f49548c82e1f8a5ba9399abae4f783a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
atoi
calloc
fclose
fopen
fprintf
fputc
fread
free
fseek
fwrite
malloc
mbstowcs
memcpy
printf
puts
realloc
setlocale
signal
strcoll
strlen
tolower
vfprintf
wcstombs

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bmp/bmp.h
bmp/clue.bmp
bmp/cmake-build-debug/CMakeFiles/clion-log.txt
bmp/copy.c
bmp/large.bmp
bmp/new1.bmp
bmp/resize
.elf linux x86
bmp/resize.c
bmp/small.bmp
bmp/smile.bmp
bmp/smiley.bmp
bmp/verdict.bmp
bmp/whodunit
.elf linux x86
bmp/whodunit.c
bmp/whodunit.exe
.exe windows x64

4d002c014ff0f5180959e3ea6927daa5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_onexit
_unlock
abort
calloc
exit
fclose
fopen
fprintf
fputc
fread
free
fseek
fwrite
localeconv
malloc
memcpy
memset
signal
strerror
strlen
strncmp
vfprintf
wcslen

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 167B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 143B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jpg/000.jpg
.jpg
jpg/001.jpg
.jpg
jpg/002.jpg
jpg/003.jpg
.jpg
jpg/004.jpg
.jpg
jpg/005.jpg
.jpg
jpg/006.jpg
.jpg
jpg/007.jpg
jpg/008.jpg
jpg/009.jpg
.jpg
jpg/010.jpg
.jpg
jpg/011.jpg
.jpg
jpg/012.jpg
.jpg
jpg/013.jpg
.jpg
jpg/014.jpg
.jpg
jpg/015.jpg
.jpg
jpg/a.exe
.exe windows x86

32a64c4726f7584d248de58167622a9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
calloc
fclose
fopen
fread
free
fwrite
malloc
mbstowcs
memcmp
memcpy
realloc
setlocale
signal
sprintf
strcoll
strlen
tolower
vfprintf
wcstombs

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jpg/recover
.elf linux x86
jpg/recover.c
лаб4 куцин кб-222.docx
.docx office2007

Sharing

General

Malware Config

Signatures

Files

2f49548c82e1f8a5ba9399abae4f783a

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 28B

.rdata Size: 1024B - Virtual size: 860B

/4 Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 112B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 56B

/29 Size: 7KB - Virtual size: 7KB

/41 Size: 512B - Virtual size: 303B

/55 Size: 512B - Virtual size: 456B

/67 Size: 512B - Virtual size: 56B

4d002c014ff0f5180959e3ea6927daa5

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 512B - Virtual size: 240B

.rdata Size: 3KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

/4 Size: 512B - Virtual size: 80B

/19 Size: 4KB - Virtual size: 3KB

/31 Size: 512B - Virtual size: 167B

/45 Size: 512B - Virtual size: 272B

/57 Size: 512B - Virtual size: 72B

/70 Size: 512B - Virtual size: 143B

32a64c4726f7584d248de58167622a9c

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 28B

.rdata Size: 1024B - Virtual size: 780B

/4 Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 112B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

/14 Size: 512B - Virtual size: 56B

/29 Size: 7KB - Virtual size: 7KB

/41 Size: 512B - Virtual size: 303B

/55 Size: 512B - Virtual size: 456B

/67 Size: 512B - Virtual size: 56B

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 28B

.rdata
Size: 1024B - Virtual size: 860B

/4
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 112B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 56B

/29
Size: 7KB - Virtual size: 7KB

/41
Size: 512B - Virtual size: 303B

/55
Size: 512B - Virtual size: 456B

/67
Size: 512B - Virtual size: 56B

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 512B - Virtual size: 240B

.rdata
Size: 3KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 512B - Virtual size: 80B

/19
Size: 4KB - Virtual size: 3KB

/31
Size: 512B - Virtual size: 167B

/45
Size: 512B - Virtual size: 272B

/57
Size: 512B - Virtual size: 72B

/70
Size: 512B - Virtual size: 143B

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 28B

.rdata
Size: 1024B - Virtual size: 780B

/4
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 112B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

/14
Size: 512B - Virtual size: 56B

/29
Size: 7KB - Virtual size: 7KB

/41
Size: 512B - Virtual size: 303B

/55
Size: 512B - Virtual size: 456B

/67
Size: 512B - Virtual size: 56B