cb9fb42bfcae30b849fcc210d1ac4b39a12e32c6dc9d8523fcf9883632d7135e[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

cb9fb42bfcae30b849fcc210d1ac4b39a12e32c6dc9d8523fcf9883632d7135e.zip
Size

483KB
MD5

6e300ad4240f39673f9a0b5d6e07471f
SHA1

8f30e8616b27404a24400f121ba7505854460846
SHA256

36fb88a4e96453156bd77add916d227b92fb6a81b7fa69ece26bcfb27f18f84a
SHA512

cafb18b868f251f27d5edec40bf44d0c6dc8aeac658b0d2ec8d6b20159c836686e32de5af534e6f536b3e9a84e727536c3e83daa0ad1a1cc0b7e542132034b20
SSDEEP

12288:J7WUVwS6IaTtVoIRDSigJ1q1Jbh80g0iSIYK4YzBIqksa:DVwS6I8RD3gJ1620gRNx3G1Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/The Ministry of State for Wall and Settlement Affairs established by the Palestinian government.exe

Files

cb9fb42bfcae30b849fcc210d1ac4b39a12e32c6dc9d8523fcf9883632d7135e.zip
.zip

Password: infected
cb9fb42bfcae30b849fcc210d1ac4b39a12e32c6dc9d8523fcf9883632d7135e
.rar

Password: infected
The Ministry of State for Wall and Settlement Affairs established by the Palestinian government.exe
.exe windows x86

Password: infected

755683cef33f321d5ad1bb8f78eead1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup
WSAIoctl
__WSAFDIsSet
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
select
accept
htonl
listen
recv
bind
connect
send
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
WSASetLastError
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
gethostname

wldap32

ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord301
ord41
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22

crypt32

CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

kernel32

GetFileType
GetStdHandle
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
SetLastError
GetSystemDirectoryA
QueryPerformanceFrequency
WaitForMultipleObjects
InitializeCriticalSectionEx
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
VerSetConditionMask
VerifyVersionInfoW
SleepEx
GetFileSizeEx
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
PeekNamedPipe
FreeLibrary
SystemTimeToFileTime
GetCurrentProcessId
GetModuleFileNameA
SizeofResource
HeapFree
EnterCriticalSection
WriteFile
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FindResourceA
CreateMutexA
GetModuleHandleA
FreeResource
HeapSize
MultiByteToWideChar
Sleep
GetLastError
OpenMutexA
CreateFileA
LockResource
DeleteFileA
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
SetFileAttributesA
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
GetComputerNameA
AreFileApisANSI
ReadFile
HeapCreate
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetVersionExW
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
LoadLibraryA
GetVersionExA
DeleteFileW
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
InitializeSListHead

user32

GetClipboardData
OpenClipboard
CloseClipboard
keybd_event

gdi32

DeleteObject
GetObjectA

advapi32

RegQueryValueExA
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
RegOpenKeyExA

shell32

ShellExecuteA
SHGetKnownFolderPath

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantClear
SysAllocString
VariantInit

msvcp140

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

shlwapi

ord214
ord184
ord213

gdiplus

GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipCreateBitmapFromScan0

vcruntime140

memmove
__std_exception_destroy
__std_exception_copy
_purecall
memchr
strstr
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
_except_handler4_common
__CxxFrameHandler3
__std_terminate
memset
memcpy
strrchr
strchr

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_configure_narrow_argv
_initialize_narrow_environment
terminate
_exit
_initialize_onexit_table
__p___argc
_invalid_parameter_noinfo_noreturn
_errno
_getpid
_register_onexit_function
_invalid_parameter_noinfo
_crt_atexit
_cexit
_beginthreadex
__p___argv
_seh_filter_exe
_set_app_type
_initterm_e
__sys_nerr
__sys_errlist
_get_initial_narrow_environment
_register_thread_local_exe_atexit_callback
_initterm
_resetstkoflw
_c_exit
exit

api-ms-win-crt-stdio-l1-1-0

feof
__stdio_common_vsscanf
_open
fseek
fgets
fread
__acrt_iob_func
_lseeki64
__p__commode
_get_stream_buffer_pointers
_fseeki64
_set_fmode
fsetpos
ungetc
setvbuf
fputs
fgetpos
__stdio_common_vsprintf
fwrite
_read
_write
fgetc
__stdio_common_vsprintf_s
_close
fclose
fflush
fopen
fputc
ftell

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
__setusermatherr
_except1

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-convert-l1-1-0

strtoull
strtoul
strtol
wcstombs
atoi
strtoll
strtod

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_mkdir
_access
_unlink
_lock_file
_stat64
remove
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64
_localtime64_s
_time64
strftime
_gmtime64

api-ms-win-crt-string-l1-1-0

isupper
strspn
strcspn
strpbrk
tolower
strncpy
isalnum
strncmp
_strdup
strnlen

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
calloc
_msize
_callnewh
realloc
free

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 874KB - Virtual size: 874KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

755683cef33f321d5ad1bb8f78eead1d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

normaliz

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

gdiplus

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 874KB - Virtual size: 874KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 6KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 92B

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 874KB - Virtual size: 874KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 6KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 92B

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 31KB - Virtual size: 31KB