11868301397[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

11868301397.zip
Size

90KB
MD5

00cad2c93a7189e39347c3783c8f8533
SHA1

5ad38f976be4a5eecef142e7670775dc056facd7
SHA256

d6b0e6a82209148db61b692fb925dc471a77fae4107f3e4d0a95c09a2cbb847f
SHA512

2395e976da3be9dda2f583256c48b4d8411a9a83753c5d47dcf7ee929575711f37ec27d5b8cc05981c6ec342b14c1ee839334b16e56588ceec6de5a5a4981fa3
SSDEEP

1536:JJFzZ9H8kx7hCDkqY1BHe2pul+QFHq5pvP3Lb39Fc8MPj+g89VA1qI0FKxXC:Bblx9KkqY7He2pg+Qs5pP3LbNSNj+79v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d3db55cd5677b176eb837a536b53ed8c5eabbfd68f64b88dd083dc9ce9ffb64e

Files

11868301397.zip
.zip

Password: infected
d3db55cd5677b176eb837a536b53ed8c5eabbfd68f64b88dd083dc9ce9ffb64e
.dll regsvr32 windows x64

6312da79b12e9112d07c19c84457c36a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
CreateFileA
GetFileAttributesA
GetFileInformationByHandle
SetFilePointer
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
OpenThread
VirtualAlloc
MapViewOfFile
UnmapViewOfFile
SwitchToFiber
CreateFiber
ConvertThreadToFiber
CreateFileMappingA
CreateNamedPipeA
CallNamedPipeA
WaitNamedPipeA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
RaiseException

Exports

Exports

DllRegisterServer
OIyo7nx
UXlsmX90

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6312da79b12e9112d07c19c84457c36a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 3KB

.gfids Size: 512B - Virtual size: 148B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 3KB

.gfids
Size: 512B - Virtual size: 148B

.reloc
Size: 2KB - Virtual size: 1KB