53f4b32016ce36149a164c564f0c0ff4881abfcdc70997a5333698c26467ceb1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

53f4b32016ce36149a164c564f0c0ff4881abfcdc70997a5333698c26467ceb1.zip
Size

1.1MB
MD5

fc72e223d65d477146ab8dd9306f91d9
SHA1

e8dace2543dc5ee50d75e3d01af87588c45837cb
SHA256

5e8f0f383007631a6b1db9330613173d26e2ece9168046c2262b14d24a126790
SHA512

71387cb1d308adf621db57d5d7b1b1d5777f41e79ddf7558534f66585642c34fd9b0631f3d6584ad2f55533a3ced90c61d68075cbe9ddc8966a27d0f18ae9407
SSDEEP

24576:C7Fk0rO5Vw7xREfYkhN7UcM93JvmV1PALwhMeajHdOqaKf6:Chr+Ve2/kmV1PK8q9Oqa66

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bit.exe

Files

53f4b32016ce36149a164c564f0c0ff4881abfcdc70997a5333698c26467ceb1.zip
.zip

Password: infected
bit.exe
.exe windows x86

2b3e911ecbd9fc4058594ec6aa5f6084

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
OpenSCManagerA
AdjustTokenPrivileges
RegOpenKeyExA
OpenProcessToken
CloseServiceHandle
CreateServiceA
StartServiceA
OpenServiceA
ControlService
DeleteService
CloseEventLog
ReadEventLogA
GetOldestEventLogRecord
GetNumberOfEventLogRecords
NotifyChangeEventLog
OpenEventLogA
RegEnumKeyExA
RegOpenKeyA
LookupPrivilegeValueA

comctl32

MenuHelp
InitCommonControls
ImageList_ReplaceIcon
CreateToolbarEx
PropertySheet
ImageList_Destroy
ImageList_Create
CreateStatusWindowA

dsetup

DirectXSetupGetVersion

gdi32

StretchBlt
GetTextExtentPointA
GdiFlush
GetTextMetricsA
GetCharWidthA
EndDoc
EndPage
CreateFontIndirectA
GetDIBits
CreateDIBSection
GetDeviceCaps
CreateFontA
SetBkColor
SetTextAlign
ExtTextOutA
CreateEnhMetaFileA
StartPage
CloseEnhMetaFile
SetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
DeleteEnhMetaFile
PatBlt
CreateCompatibleBitmap
GetDCOrgEx
GetClipBox
Ellipse
CreateDCA
CreatePen
RoundRect
CreateSolidBrush
GetStockObject
Rectangle
SetTextColor
SetBkMode
GetTextExtentPoint32A
TextOutA
GetObjectA
GetDIBColorTable
StretchDIBits
CreateCompatibleDC
SelectObject
GetMapMode
SetMapMode
MoveToEx
StartDocA
BitBlt
DeleteDC
LineTo
DeleteObject

kernel32

GetModuleFileNameA
HeapFree
GetProcessHeap
VirtualFree
GetCurrentProcess
CloseHandle
GetLastError
HeapAlloc
VirtualAlloc
GetSystemInfo
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
GetComputerNameA
GlobalMemoryStatus
GetVersionExA
GetProcessAffinityMask
Sleep
CreateProcessA
ResetEvent
CreateEventA
GetCurrentProcessId
DeleteCriticalSection
SetEvent
GetFileSize
CreateFileA
SetThreadPriority
GetCurrentThread
InitializeCriticalSection
WaitForSingleObject
QueryPerformanceFrequency
MultiByteToWideChar
QueryDosDeviceA
GetVolumeInformationA
SetErrorMode
GetDriveTypeA
InterlockedIncrement
InterlockedDecrement
QueryPerformanceCounter
ReadFile
GetThreadPriority
SetProcessAffinityMask
SetEnvironmentVariableA
IsDebuggerPresent
GetFileTime
GetSystemTimeAsFileTime
lstrcat
LoadLibraryA
lstrcpy
GetModuleHandleA
MulDiv
lstrlen
GetWindowsDirectoryA
GetTapeParameters
GetTapeStatus
lstrcpyW
LocalAlloc
LocalFree
lstrcmp
DeviceIoControl
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetFullPathNameA
WideCharToMultiByte
FormatMessageA
LoadLibraryExA
ExpandEnvironmentStringsA
FindFirstFileA
FindClose
LeaveCriticalSection
EnterCriticalSection
DeleteFileA
GetLogicalDrives
GetExitCodeThread
ExitThread
CreateThread
GetSystemDirectoryA
GetTimeFormatA
GetDateFormatA
GetLocalTime
GetCurrentThreadId
FindNextFileA
GetTickCount
SetFilePointer
WriteFile
TerminateProcess
CreateFileMappingA
GetProfileStringA
ClearCommError
GetCommModemStatus
EscapeCommFunction
SetCommTimeouts
SetCommState
GetCommState
PurgeComm
GetTapePosition
SetTapePosition
WriteTapemark
CreateTapePartition
PrepareTape
SetTapeParameters
CreateMutexA
GlobalAlloc
GlobalFree
ReleaseMutex
GlobalUnlock
GlobalLock
GlobalSize
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
RtlUnwind
RaiseException
ResumeThread
ExitProcess
CreateDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
GetFileAttributesA
RemoveDirectoryA
HeapReAlloc
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LockResource
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
GetTimeZoneInformation
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InterlockedExchange
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetEndOfFile
CompareStringA
CompareStringW
GetThreadLocale
GetUserDefaultLangID

msvfw32

MCIWndCreate

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shell32

DragQueryFile
DragAcceptFiles
ShellExecuteA

user32

SetScrollInfo
ShowScrollBar
LoadBitmapA
SendDlgItemMessageA
EnableWindow
GetMonitorInfoA
CheckDlgButton
GetDlgItemInt
FillRect
OffsetRect
BringWindowToTop
ShowOwnedPopups
ScrollWindowEx
GetClassInfoExA
IntersectRect
UnregisterClassA
GetForegroundWindow
SetClassLongA
GetDlgCtrlID
GetClipboardData
LoadMenuA
TrackPopupMenuEx
GetCursorPos
SetWindowLongA
GetClassLongA
ClipCursor
DestroyMenu
GetDlgItemTextA
FindWindowA
MessageBoxW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowDC
EnumDisplayMonitors
RemoveMenu
PostMessageA
GetMessageA
IsDialogMessage
SystemParametersInfoA
DispatchMessageA
MessageBeep
DefWindowProcA
RegisterClipboardFormatA
CheckMenuItem
KillTimer
CreateWindowExA
SetCursor
SetTimer
UpdateWindow
DialogBoxParamA
DestroyWindow
DrawMenuBar
GetMenu
EnableMenuItem
GetSubMenu
GetSystemMetrics
MessageBoxA
CreateDialogParamA
SetWindowPos
LoadIconA
LoadCursorA
RegisterClassExA
SetScrollRange
SetScrollPos
MoveWindow
ShowWindow
SetWindowTextA
EndDialog
PostQuitMessage
SetDlgItemTextA
InvalidateRect
EnumDisplaySettingsA
SetDlgItemInt
wsprintfA
AdjustWindowRectEx
BeginPaint
LoadImageA
GetDlgItem
GetWindowRect
ScreenToClient
EndPaint
SendMessageA
GetDC
GetClientRect
DrawTextA
ReleaseDC
ShowCursor
ClientToScreen
GetIconInfo
RegisterClassA
SetRect
AdjustWindowRect
GetWindowLongA
LoadAcceleratorsA
PeekMessageA
TranslateAccelerator
TranslateMessage
SetForegroundWindow

wininet

FtpFindFirstFileA
FtpGetFileA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetSetStatusCallback
InternetGetLastResponseInfoA
FtpPutFileA

winmm

waveInOpen
waveOutOpen
waveOutWrite
PlaySound
mciGetErrorStringA
mciSendCommandA
timeGetTime
waveInStart
waveInClose
waveInUnprepareHeader
waveInReset
waveOutClose
waveOutRestart
waveOutPause
waveOutPrepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutReset
waveOutUnprepareHeader

winspool.drv

WritePrinter
OpenPrinterA
StartDocPrinterA
StartPagePrinter
ClosePrinter
EndPagePrinter
EndDocPrinter

ws2_32

getsockname
bind
htons
htons
inet_ntoa
connect
select
recv
setsockopt
send
closesocket
WSASocketA
recvfrom
__WSAFDIsSet
getpeername
sendto
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
htonl
WSAGetLastError
inet_addr
WSAStartup
gethostname
gethostbyname
listen
accept
socket

comdlg32

ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
PrintDlgA

iphlpapi

GetAdaptersInfo

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
StgCreateStorageEx
CoInitializeEx
CoInitialize
CoCreateInstance
StgOpenStorageEx

armaccess

IsAdmin

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 492KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

2b3e911ecbd9fc4058594ec6aa5f6084

Headers

File Characteristics

Imports

advapi32

comctl32

dsetup

gdi32

kernel32

msvfw32

oleaut32

shell32

user32

wininet

winmm

winspool.drv

ws2_32

comdlg32

iphlpapi

ole32

armaccess

Sections

.text Size: 752KB - Virtual size: 752KB

.rdata Size: 252KB - Virtual size: 252KB

.data Size: 492KB - Virtual size: 492KB

.text1 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.mackt Size: 12KB - Virtual size: 12KB

.mackt Size: 16KB - Virtual size: 12KB

.text
Size: 752KB - Virtual size: 752KB

.rdata
Size: 252KB - Virtual size: 252KB

.data
Size: 492KB - Virtual size: 492KB

.text1
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.mackt
Size: 12KB - Virtual size: 12KB

.mackt
Size: 16KB - Virtual size: 12KB