mkpub_21-9924-5038258 A[.]uue

Sharing

Copy URL Twitter E-mail

General

Target

mkpub_21-9924-5038258 A.uue
Size

163KB
MD5

0f91805981edbd7fc940107b703dacee
SHA1

a0079d9d4ae1e1b9869171f18ff2347d5f99ed23
SHA256

10855daa1857e9b437897b9b7d0952f8e4c27f4d7f2e96f773be1c1aea17425e
SHA512

0ed55a792d9ce6827643a62e0b2b5d23e462db0fdd4a39362c69235ad336789142ed9993c6af7ef79b8654583939159ef103abe02e8f3c6e3dd4494d3437e510
SSDEEP

3072:LcgIqqIlZjtqrOVMPjtxDCIQnQAvZ2LBWhzDDbrHQyM4H+eVYgGtSrs1Rzr:Quq8Zppu5JvQnPxewhzTLp+e3GYQ1Rzr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/21-9924-5038258 A.exe

Files

mkpub_21-9924-5038258 A.uue
.rar

Password: infected
21-9924-5038258 A.exe
.exe windows:6 windows x86

Password: infected

a22220de868c52c78803e2e507226f09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
GetTempFileNameW
FileTimeToSystemTime
DeleteFileW
CreateFileW
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
VirtualProtect
VirtualAlloc
FreeConsole
WriteConsoleW
SetFilePointerEx
CloseHandle
GetConsoleMode
GetConsoleCP
CompareFileTime
GetStringTypeW
SetStdHandle
GetVersionExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetFileType
RegisterApplicationRestart
RegisterApplicationRecoveryCallback
ApplicationRecoveryFinished
Sleep
ApplicationRecoveryInProgress
CompareStringW
lstrlenW
GetProfileStringW
LocalAlloc
LocalReAlloc
LocalFree
GetModuleFileNameW
GetCurrentProcess
IsWow64Process
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetFileAttributesW
FreeLibraryAndExitThread
FlushFileBuffers
InterlockedExchange
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryExA
LCMapStringW
GetACP
GetCommandLineW
GetCommandLineA
InterlockedCompareExchange
DelayLoadFailureHook
FreeLibrary
LoadLibraryW
GetLocaleInfoEx
GetProcAddress
SetEnvironmentVariableA
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RtlUnwind
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
DecodePointer

user32

AppendMenuW
RemoveMenu
EnableWindow
SetFocus
LoadStringW
SetWindowTextW
SetMenuItemInfoW
GetClientRect
ShowWindow
GetWindowPlacement
LoadImageW
UnregisterClassA
FillRect
CheckMenuRadioItem
CreateWindowExW
MessageBeep
SystemParametersInfoW
DialogBoxParamW
MessageBoxA
GetSysColor
DrawMenuBar
GetClassLongW
SetClassLongW
GetParent

gdi32

CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
ExtCreatePen
MoveToEx
LineTo
GetObjectW
GetTextExtentPoint32W
GetTextMetricsW
CreateSolidBrush
GetRgnBox
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
GetTextExtentPointW
DeleteDC
DeleteObject
CreateDIBSection
EqualRgn

advapi32

EventWrite
EventRegister
EventUnregister

shell32

SHGetFolderPathW
ShellAboutW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

comctl32

ImageList_Destroy
CreatePropertySheetPageW
ImageList_LoadImageW
ImageList_Add
ImageList_Create
PropertySheetW

gdiplus

GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetPageUnit
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipCloneBrush
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipSetSmoothingMode
GdipCloneBitmapAreaI
GdipCreateHBITMAPFromBitmap
GdipFillRectangleI
GdipDisposeImage
GdipDrawLineI
GdipDrawArcI

rpcrt4

UuidToStringW
RpcStringFreeW
I_UuidCreate
UuidCreate

uxtheme

IsThemeActive

version

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

winmm

timeGetTime

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 458KB - Virtual size: 457KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a22220de868c52c78803e2e507226f09

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

comctl32

gdiplus

rpcrt4

uxtheme

version

winmm

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 458KB - Virtual size: 457KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 458KB - Virtual size: 457KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 3KB