32d9d85b2105392eeb6109b27eb58c7a0ea84e7804fc19cba63fffa69d63daa4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

32d9d85b2105392eeb6109b27eb58c7a0ea84e7804fc19cba63fffa69d63daa4.zip
Size

679KB
MD5

1dbefea138702d9f88f0b199965201da
SHA1

c7ca4c3dd5d852300649c40878cb7c96d76251d2
SHA256

a48cf423d01d495b3b477ec0d3af1d3bfaae5b10b6a19a0b6755c7e4e8f9b19e
SHA512

f7b48fed6424d8501aeb24632bd0944607388b75a221cd00e2f4a0fe31ff3c0c3f81bdcf8ca483da102c8e8b279e36c0881c3ec3fa09f669093985870930b589
SSDEEP

12288:tVH0DSMntaZUVZrGMjBQg+fv8ZS7/BR6qdsP+eQbKxmeLm2A0Zq3Lp/S:301ntaZgrGEQgmS0XdgQb6hLm2A0Z/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/32d9d85b2105392eeb6109b27eb58c7a0ea84e7804fc19cba63fffa69d63daa4

Files

32d9d85b2105392eeb6109b27eb58c7a0ea84e7804fc19cba63fffa69d63daa4.zip
.zip

Password: infected
32d9d85b2105392eeb6109b27eb58c7a0ea84e7804fc19cba63fffa69d63daa4
.exe windows x64

Password: infected

0165f005a526e3bd615720410d742b8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
WSACleanup
__WSAFDIsSet
select
accept
recv
bind
connect
getpeername
getsockname
getsockopt
send
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
gethostname
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
ioctlsocket

wldap32

ord45
ord60
ord211
ord46
ord217
ord143
ord301
ord50
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

GetFileSizeEx
VerSetConditionMask
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
SetLastError
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
MoveFileExA
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
VerifyVersionInfoW
CreateFileMappingW
FormatMessageA
GetSystemTime
GetModuleFileNameA
SizeofResource
HeapFree
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSectionEx
FindResourceA
CreateMutexA
GetModuleHandleA
FreeResource
HeapSize
MultiByteToWideChar
Sleep
GetLastError
OpenMutexA
CreateFileA
LockResource
DeleteFileA
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
SetFileAttributesA
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
GetComputerNameA
AreFileApisANSI
ReadFile
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
LoadLibraryA
DeleteFileW
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTimeAsFileTime
InitializeSListHead

user32

keybd_event
GetClipboardData
CloseClipboard
OpenClipboard

gdi32

DeleteObject
GetObjectA

advapi32

RegQueryValueExA
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
SHGetKnownFolderPath

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize

oleaut32

VariantClear
SysAllocString
VariantInit

msvcp140

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_BADOFF@std@@3_JB
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

shlwapi

ord214
ord184
ord213

gdiplus

GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipCreateBitmapFromScan0

vcruntime140

__std_terminate
memchr
memcpy
memset
strchr
__std_exception_copy
memmove
__std_exception_destroy
__C_specific_handler
_CxxThrowException
__CxxFrameHandler3
strrchr
strstr
memcmp
_purecall
__vcrt_InitializeCriticalSectionEx

api-ms-win-crt-runtime-l1-1-0

__sys_nerr
terminate
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_get_initial_narrow_environment
_resetstkoflw
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_errno
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_exit
__p___argc
_getpid
_invalid_parameter_noinfo
_beginthreadex
__p___argv
_register_thread_local_exe_atexit_callback
_c_exit
__sys_errlist
exit

api-ms-win-crt-stdio-l1-1-0

fclose
_open
fflush
__stdio_common_vsprintf_s
_write
fgetc
_lseeki64
fopen
fwrite
_set_fmode
ftell
fputc
feof
fgets
__stdio_common_vsscanf
fseek
fread
__acrt_iob_func
__p__commode
__stdio_common_vsprintf
fgetpos
_close
fputs
_get_stream_buffer_pointers
setvbuf
_fseeki64
fsetpos
ungetc
_read

api-ms-win-crt-math-l1-1-0

_dtest
__setusermatherr
_fdopen
_dsign

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand

api-ms-win-crt-convert-l1-1-0

atoi
strtoull
strtol
strtoul
strtoll
wcstombs
strtod

api-ms-win-crt-filesystem-l1-1-0

_stat64
_unlock_file
_fstat64
remove
_mkdir
_lock_file
_unlink
_access

api-ms-win-crt-time-l1-1-0

_gmtime64
strftime
_localtime64_s
_localtime64
_time64

api-ms-win-crt-string-l1-1-0

strspn
strcspn
isalnum
strcmp
strpbrk
tolower
strncpy
strncmp
strnlen
_strdup
isupper

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-heap-l1-1-0

_msize
_callnewh
malloc
realloc
calloc
_set_new_mode
free

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 967KB - Virtual size: 967KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0165f005a526e3bd615720410d742b8a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

normaliz

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

gdiplus

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 967KB - Virtual size: 967KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 10KB - Virtual size: 14KB

.pdata Size: 48KB - Virtual size: 47KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 72B

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 967KB - Virtual size: 967KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 10KB - Virtual size: 14KB

.pdata
Size: 48KB - Virtual size: 47KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 72B

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 3KB - Virtual size: 3KB