ae5472ca53cc78ee76eb7e0d24d74c92fa81cbfb06f4480dbd2e9ed6f32d6179[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ae5472ca53cc78ee76eb7e0d24d74c92fa81cbfb06f4480dbd2e9ed6f32d6179.exe.zip
Size

24.7MB
MD5

d2517d3e49a36ed9f5a91e07b6f1899f
SHA1

38ed5f38ff7ef50022653e1aeb6f5f99b4036a9c
SHA256

67f63b45e5d869661ae02e10af8deacd4e6d22a8cee1802bb7379e39a9b6b3f5
SHA512

d8dfa72f6cdbe3b264a4abe6a8972dbe81ec96d8f9611a03899fc0d902c789b5b983d7ced3e9c7dc6d745658d3701ecda0c72f990a8a87699d0b31826d646be9
SSDEEP

393216:1sBEPWLLu5tX9q8hfn5HDPQfhSvmUz03Maw/Tnyxyiy3Lp+zvuErMiFXgj+MZ/R0:1sB/YfmfMlXaYnyxRimei+jR3YLWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ae5472ca53cc78ee76eb7e0d24d74c92fa81cbfb06f4480dbd2e9ed6f32d6179.exe

Files

ae5472ca53cc78ee76eb7e0d24d74c92fa81cbfb06f4480dbd2e9ed6f32d6179.exe.zip
.zip

Password: infected
ae5472ca53cc78ee76eb7e0d24d74c92fa81cbfb06f4480dbd2e9ed6f32d6179.exe
.exe windows:4 windows x86

ba1b8fbc2b1c93935a67fb0c7432f51b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerLanguageNameA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

comctl32

ord17

kernel32

QueryPerformanceFrequency
CreateEventA
Sleep
InterlockedDecrement
lstrcatA
CompareStringA
CompareStringW
GetVersionExA
SetFilePointer
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
WriteFile
SizeofResource
FindResourceA
GetModuleFileNameA
GetTickCount
GetSystemDefaultLCID
GlobalHandle
GetPrivateProfileSectionA
SetCurrentDirectoryA
lstrlenW
InterlockedIncrement
GetSystemInfo
SetLastError
IsValidCodePage
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetPrivateProfileStringA
lstrlenA
CreateFileA
GetFileSize
GlobalAlloc
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
WideCharToMultiByte
DeleteFileA
GetLastError
CreateThread
CopyFileA
MultiByteToWideChar
ExpandEnvironmentStringsA
GetExitCodeThread
lstrcmpiA
SetErrorMode
GetPrivateProfileIntA
GetTempPathA
WritePrivateProfileStringA
GetWindowsDirectoryA
GetTempFileNameA
lstrcmpA
lstrcpyA
MoveFileA
LoadResource
IsBadCodePtr
GetVersion
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetFileType
GetStdHandle
SetHandleCount
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
LCMapStringA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
RaiseException
HeapAlloc
HeapFree
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose
SetStdHandle
LCMapStringW

user32

CharNextA
ReleaseDC
GetDC
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
GetDesktopWindow
DialogBoxParamA
ShowWindow
GetDlgItem
EndDialog
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
BeginPaint
GetWindowLongA
DestroyWindow
CreateDialogParamA
SendDlgItemMessageA
ExitWindowsEx
CharPrevA
LoadStringA
GetClassInfoA
UpdateWindow
SetCursor
GetDlgItemTextA
EnableWindow
MessageBoxA
GetParent
GetWindowTextLengthA
GetWindowTextA
MoveWindow
GetWindowPlacement
DrawIcon
DestroyIcon
SetWindowTextA
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageA
SendMessageA
GetSystemMetrics
SetRect
FindWindowA
IntersectRect
SubtractRect
IsWindow
GetWindowRect
GetDlgCtrlID
CharLowerBuffA

gdi32

CreateDIBitmap
GetDeviceCaps
CreatePalette
SelectPalette
GetStockObject
DeleteObject
GetSystemPaletteEntries
BitBlt
SelectObject
DeleteDC
CreateSolidBrush
CreateFontIndirectA
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
RealizePalette

advapi32

FreeSid
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
OpenProcessToken
EqualSid
RegOpenKeyExA
RegSetValueExA
RegEnumValueA
RegDeleteKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
StgIsStorageFile
StgOpenStorage

oleaut32

SysStringLen
SysReAllocStringLen
SysFreeString
SysAllocString
SysAllocStringLen

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ba1b8fbc2b1c93935a67fb0c7432f51b

Headers

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 48KB - Virtual size: 45KB