4f01ffe98009a8090ea8a086d21c62c24219b21938ea3ec7da8072f8c4dcc7a6[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

4f01ffe98009a8090ea8a086d21c62c24219b21938ea3ec7da8072f8c4dcc7a6.zip
Size

447KB
MD5

b5d01c3f545d9b6374ce178616ae94a7
SHA1

3adc6088b2d1844e5e0610751ba9258af78b8fe5
SHA256

fdc92c9b390e84c47551d7ab6cbe3222a95c4d3b78ba144ec1b41d0d03a8a7e4
SHA512

6d9ca2254ffb1bb2f54da39e9c51358412daa2da7affe2f9d0e16b886de649645785247dc7bed307cf6f8ee2465e217ab8134841c459fac501195d513d4eac64
SSDEEP

12288:dQUzJ1yLupdCmVJ2piwCCkEFWJs76zLj/Mxv:dQUl0MYhiRCkElv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4f01ffe98009a8090ea8a086d21c62c24219b21938ea3ec7da8072f8c4dcc7a6

Files

4f01ffe98009a8090ea8a086d21c62c24219b21938ea3ec7da8072f8c4dcc7a6.zip
.zip

Password: infected
4f01ffe98009a8090ea8a086d21c62c24219b21938ea3ec7da8072f8c4dcc7a6
.exe windows x86

d35e4ad33c42e2533a1c8e6aee96e9a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

nw_elf

SignalChromeElf

rpcrt4

UuidCreate

advapi32

SetThreadToken
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
SystemFunction036
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
LookupPrivilegeValueW
ImpersonateNamedPipeClient
SetEntriesInAclW
GetSecurityInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winmm

timeGetTime

user32

GetThreadDesktop
CreateDesktopW
CloseWindowStation
CloseDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
PeekMessageW
PostThreadMessageW
CharUpperW

kernel32

ConnectNamedPipe
DisconnectNamedPipe
GetSystemInfo
LoadLibraryExA
GetSystemDefaultLCID
PeekNamedPipe
FileTimeToLocalFileTime
SetEnvironmentVariableA
OutputDebugStringW
LCMapStringW
EnumSystemLocalesW
IsValidLocale
GetDriveTypeW
ReadConsoleW
RtlUnwind
GetStringTypeW
GetCPInfo
GetOEMCP
IsValidCodePage
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoW
UnhandledExceptionFilter
HeapSize
GetACP
MultiByteToWideChar
ExitProcess
GetFullPathNameW
SetStdHandle
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
IsProcessorFeaturePresent
EncodePointer
HeapSetInformation
GetCurrentThreadId
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
CreateEventW
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetProcessId
SetCurrentDirectoryW
GetCurrentDirectoryW
SetProcessShutdownParameters
LoadLibraryExW
OpenProcess
GetCurrentProcessId
CreateRemoteThread
GetModuleHandleW
GetFileInformationByHandle
GetExitCodeProcess
CompareStringW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
VirtualAlloc
VirtualFree
CreateFileW
DeleteFileW
WriteFile
OutputDebugStringA
CloseHandle
GetTickCount
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineW
LocalFree
GetVersionExW
GetNativeSystemInfo
TerminateProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetStdHandle
ReadFile
SetHandleInformation
CreatePipe
ResumeThread
CreateProcessW
AssignProcessToJobObject
SetInformationJobObject
GetProcessTimes
IsDebuggerPresent
CreateThread
CreateDirectoryW
GetFileAttributesW
GetLongPathNameW
QueryDosDeviceW
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadLibraryW
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetLocaleInfoW
GetUserDefaultUILanguage
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
UnregisterWaitEx
RegisterWaitForSingleObject
GetModuleHandleExW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
FindFirstFileExW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
SetEvent
ResetEvent
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
VirtualAllocEx
VirtualQueryEx
VirtualProtectEx
WriteProcessMemory
InitializeCriticalSection
TerminateJobObject
GetUserDefaultLCID
GetThreadContext
FreeLibrary
GetFileType
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
CreateMutexW
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
ReadProcessMemory
SuspendThread
DebugBreak
lstrlenW
SearchPathW
LockFileEx
UnlockFileEx
SleepEx
GetVersion
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
GetTimeZoneInformation
GetThreadLocale
ReleaseSemaphore
CreateSemaphoreW

winhttp

WinHttpSendRequest
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpCloseHandle

Exports

Exports

ClearCrashKeyValueImpl
CrashForException
DumpProcessWithoutCrash
GetHandleVerifier
GetUploadedReportsImpl
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
SetCrashKeyValueImpl

Sections

.text
Size: 647KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d35e4ad33c42e2533a1c8e6aee96e9a1

Headers

DLL Characteristics

File Characteristics

Imports

nw_elf

rpcrt4

advapi32

version

winmm

user32

kernel32

winhttp

Exports

Exports

Sections

.text Size: 647KB - Virtual size: 646KB

.rdata Size: 262KB - Virtual size: 262KB

.data Size: 7KB - Virtual size: 100KB

CPADinfo Size: 512B - Virtual size: 20B

.tls Size: 512B - Virtual size: 2B

_RDATA Size: 512B - Virtual size: 288B

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 647KB - Virtual size: 646KB

.rdata
Size: 262KB - Virtual size: 262KB

.data
Size: 7KB - Virtual size: 100KB

CPADinfo
Size: 512B - Virtual size: 20B

.tls
Size: 512B - Virtual size: 2B

_RDATA
Size: 512B - Virtual size: 288B

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 26KB - Virtual size: 25KB