Static task
static1
General
Target: SmartDefragmenter.zip
Size: 376KB
MD5: 541d8406002aa2750a2cf59480e71d94
SHA1: ac40c4715cca6967e2af789cee246b5a0d533a9f
SHA256: ddf1b79f563d94bb3ddb46b37aa010d95403dc7a1debfc9476a8ab449472b738
SHA512: 9d3f5fd405be3a76b9d0150e58a2af24cd609a1b7b63bac9e68350a0b153a42bf4941c5d2d8d752ee5d9d6dcc690250811a9c688e2efcc458abef71580add73b
SSDEEP: 6144:MdZTQDqwhWbeXTbAf4KINkYLcwpO/ZuY2EwbJ2Fgzz+n6tBN+Pz9BQBa4oQRMgs:yZw1DbAf4KIqM4cewFQ2z+6XNk3QVRM5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/[email protected]
Files
SmartDefragmenter.zip.zip
Password: mysubsarethebest
[email protected].exe windows x86
Password: mysubsarethebest
d6d92b735b19ebf8f5154df99a6eaf71
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
  WSAGetLastError
msvcrt
  atol
  _initterm
  strtoul
  strncmp
  isxdigit
  malloc
  bsearch
  isdigit
  sprintf
  _adjust_fdiv
  memmove
  _except_handler3
  free
  _ltoa
  wcschr
  _onexit
  _itow
  isupper
  qsort
  _snwprintf
  _wcsicmp
  wcscmp
  strncpy
  wcscat
  _wcsnicmp
  wcslen
oleacc
  CreateStdAccessibleObject
  LresultFromObject
rpcrt4
  NdrClientCall2
  RpcBindingFromStringBindingW
  RpcRevertToSelf
  RpcStringFreeW
wininet
  FtpCommandA
kernel32
  VirtualAlloc
shlwapi
  PathFindFileNameW
  PathStripToRootW
  PathFindExtensionW
  PathIsUNCW
  PathRemoveExtensionW
shell32
  ShellExecuteW
  SHGetFileInfoW
Sections
.rsrc Size: 29KB - Virtual size: 29KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 896KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.text Size: 6KB - Virtual size: 5KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 397KB - Virtual size: 396KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE