dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08.zip
Size

1.1MB
MD5

c3dd8ee1ca89efd594e53a0cd911e81c
SHA1

07b49f5658f060faaf15ba4dba86f77aa93a8877
SHA256

012b1e1b1ea1e454aba3007d90f178def45e02e62b4915184ba5b32ee5185ede
SHA512

080c91a0853f314d898a40aae9eceaee7481741f407ec76860f32a16181f6900f6fc6db22fdc67b8b7e1efa9044b48b3aa64a716434c0f9202faae21a7da43f9
SSDEEP

24576:szw1C9e6CXJg+WqvnFejUx/LT1/V1JFsHWjCs9hb1cn:szw1C9wF5ejM/LJtyWjCs9hxcn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/update.exe

Files

dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08.zip
.zip

Password: infected
dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08.iso
.iso .vbs
10700_SR_EN.pdf.vbs
.vbs
PR10559_SR_EN.pdf
.pdf
update.exe
.exe windows:6 windows x86

96baacc90461fcd4b5d9fcc50047c098

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DeleteAce

kernel32

FreeConsole
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Exports

Exports

_LoadEnvironment@0

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 459KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

96baacc90461fcd4b5d9fcc50047c098

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 459KB - Virtual size: 463KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 459KB - Virtual size: 463KB

.reloc
Size: 7KB - Virtual size: 6KB