78f000c1901081a2b7f43e55843ba89b3ed2be2cab2c3c36f04c768800863940[.]zip

General

Target

78f000c1901081a2b7f43e55843ba89b3ed2be2cab2c3c36f04c768800863940.zip
Size

6KB
MD5

91b8de08a3184df9bd1b2ad3974912a7
SHA1

1677575640214e092eb2b5b5f25b52b91b2fb0df
SHA256

bb8905b7964ae90f61342b7cef9740f68a24ed426fba3586ca499fe201ab9bd7
SHA512

5c2da5e24a5fc4c90a74c306d7b6dcfad7480287e0591e2e7cb4d7c27c240ddc39b0d5abffcda4c923dc8cda8f051a66ad185bc92caab9c0a5664d5ccd5b4bc0
SSDEEP

192:D7NUQp1c14k76slEkYE3nnabE9/DAluptDJkILqa+bvF:NU14k2kYEuE9bAUptDSdJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/78f000c1901081a2b7f43e55843ba89b3ed2be2cab2c3c36f04c768800863940

Files

78f000c1901081a2b7f43e55843ba89b3ed2be2cab2c3c36f04c768800863940.zip
.zip

Password: threatbook
78f000c1901081a2b7f43e55843ba89b3ed2be2cab2c3c36f04c768800863940
.exe windows x86

Password: threatbook

5fc1ff0fbf1b9c607663e56f5b5c6ce0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

isalnum
strrchr
strchr
strstr
sscanf
sprintf
memset
memcpy

kernel32

CreateFileA
GetFileSize
GetProcessHeap
WriteFile
GetCommandLineA
GetVolumeInformationA
TerminateThread
Sleep
ExitProcess
TerminateProcess
ReadFile
GetSystemDirectoryA
GetStartupInfoA
GetLongPathNameA
HeapFree
SetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetTempPathA
SuspendThread
CreateThread
GetProcAddress
LoadLibraryA
CreatePipe
HeapAlloc
CreateProcessA
CopyFileA

advapi32

ControlService
OpenSCManagerA
SetServiceStatus
StartServiceA
CreateServiceA
RegisterServiceCtrlHandlerA
ChangeServiceConfig2A
DeleteService
OpenServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

5fc1ff0fbf1b9c607663e56f5b5c6ce0

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 116B

.reloc Size: 1024B - Virtual size: 824B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 116B

.reloc
Size: 1024B - Virtual size: 824B