1788053F1F3F4D18A788BBA95A4D2E9A[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

1788053F1F3F4D18A788BBA95A4D2E9A.zip
Size

26KB
MD5

61d532089845e163b0a060e61a9b872f
SHA1

15cc5c208f6ce84b78b747bae32637e67b18c22e
SHA256

d3496c5e43651479011ec022042ccdde4f3741ea313ccef55cffd753f5096776
SHA512

4c5c4ce5dc7a934f799f92b3ff05e8960a052cab5647fccf5170e9fda1da7bbc4cf0fa33748001e992657c80c04f527b3a88e3e2588c02d2e7bf2bd168b04852
SSDEEP

768:nRtuVS4qGfMyPfGmoQHlvnVPxbgeIK9jzzyx:nRtuY4F3P+moQHlfZxbvIkO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rundll32.exe/rundll32.exe

Files

1788053F1F3F4D18A788BBA95A4D2E9A.zip
.zip

Password: infected
details.json
rundll32.exe/rundll32.exe
.exe windows x64

5c68de198b5d2dd5c1129782ad19676c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__wgetmainargs
_amsg_exit
__CxxFrameHandler3
__set_app_type
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
exit
_exit
_cexit
_vsnwprintf
_commode
__setusermatherr
_fmode
_wcmdln
_initterm
_lock
_XcptFilter
free
_purecall
_wtoi
memcpy_s
__C_specific_handler
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-0

CoWaitForMultipleHandles
CoUninitialize
CoAddRefServerProcess
CoRevokeClassObject
CoCreateInstance
CoInitializeEx
CoRegisterClassObject
CoResumeClassObjects
CLSIDFromString
CoInitializeSecurity
CoReleaseServerProcess

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
GetFileAttributesW
SetFilePointer

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
LoadStringW
FreeLibrary
LoadLibraryExW
GetProcAddress

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
AcquireSRWLockExclusive
SetEvent
ReleaseMutex
ReleaseSRWLockShared
CreateEventW
AcquireSRWLockShared
ReleaseSRWLockExclusive
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapSetInformation
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

InitializeProcThreadAttributeList
UpdateProcThreadAttribute
ExitProcess
TerminateProcess
GetCurrentProcess
CreateProcessW
GetCurrentProcessId
GetStartupInfoW
GetCurrentThreadId
DeleteProcThreadAttributeList

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount

api-ms-win-core-wow64-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-console-l1-2-0

AttachConsole
FreeConsole

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx
QueryActCtxW

api-ms-win-downlevel-shlwapi-l1-1-0

PathIsRelativeW

api-ms-win-downlevel-shlwapi-l2-1-0

SHSetThreadRef

imagehlp

ImageDirectoryEntryToData

ntdll

NtClose
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtSetInformationToken

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

5c68de198b5d2dd5c1129782ad19676c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-console-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-shlwapi-l2-1-0

imagehlp

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 1KB

.didat Size: 4KB - Virtual size: 248B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 264B

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 1KB

.didat
Size: 4KB - Virtual size: 248B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 264B