MDE_File_Sample_f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97.zip
Size

121KB
MD5

4d099a918e1714eb508e6d331cae1281
SHA1

98b51a386cb3a8a9200acad98644652ff350fddf
SHA256

7aafae498ef2d911f7e2103991ef77e5ed8b1fedc0247b6f8911850a8cb18e7d
SHA512

74b73a8fc8689b9cc7e901ded9b831487e7a8cbac6f711753941e6d3e6fa51f53828b06addf962437429ad810fa19e6a00818ed82c3ca0d2227281195139634b
SSDEEP

3072:2fBsgnqbbK4a9siqdO+rU4rRyax1CMzRhCCN2SWcDjvy:ysgqPu6iqdO+rJRZx17RhPNVNnvy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/47c112c23c7bdf2af24a20bd512f91ff6af76bc6

Files

MDE_File_Sample_f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97.zip
.zip

Password: infected
47c112c23c7bdf2af24a20bd512f91ff6af76bc6
.exe windows:5 windows x64

Password: infected

e14388498639688dc750895bc5ef963a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathUnquoteSpacesW
PathFindExtensionW

kernel32

CreateThread
SetHandleInformation
CreatePipe
DuplicateHandle
GetCommandLineW
TlsAlloc
GetProcessTimes
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GenerateConsoleCtrlEvent
SetConsoleCtrlHandler
GetExitCodeProcess
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
DeleteCriticalSection
UnregisterWait
WaitForSingleObject
LeaveCriticalSection
SetWaitableTimer
EnterCriticalSection
ResumeThread
SetProcessAffinityMask
RegisterWaitForSingleObject
GetSystemTimeAsFileTime
CreateWaitableTimerW
InitializeCriticalSection
ReadFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
HeapReAlloc
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetLastError
GetModuleFileNameA
RtlUnwindEx
GetFileInformationByHandle
Sleep
SystemTimeToFileTime
CloseHandle
CompareFileTime
FileTimeToSystemTime
MoveFileW
GetSystemTime
CreateFileW
SetFilePointer
SetEndOfFile
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetProcessAffinityMask
FindResourceExW
LoadResource
GetModuleHandleW
LocalFree
TlsGetValue
LocalAlloc
TlsSetValue
GetUserDefaultLangID
FormatMessageW
GetModuleFileNameW
CreateProcessW
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
AllocConsole
SetConsoleTitleW
GetStdHandle
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
GetConsoleWindow
GetCurrentProcessId
FreeConsole
GetProcessHeap
HeapAlloc
GetComputerNameW
HeapFree
GetLastError
GetCurrentThreadId
FlsFree
FlsSetValue
MultiByteToWideChar
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsAlloc

user32

EnumWindows
PostMessageW
GetSystemMetrics
LoadImageW
SetWindowLongPtrW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
GetWindowLongPtrW
SetFocus
ShowWindow
CheckRadioButton
SetWindowPos
SetDlgItemInt
SetDlgItemTextW
SendMessageW
GetDlgItemTextW
GetDlgItem
EnableWindow
GetDlgItemInt
SendDlgItemMessageW
GetWindowRect
GetDesktopWindow
MoveWindow
CreateDialogIndirectParamW
MessageBoxW
MessageBoxIndirectW
GetSystemMenu
EnableMenuItem
GetWindowThreadProcessId
PostThreadMessageW

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
StartServiceW
ControlService
SetServiceStatus
DeleteService
QueryServiceConfig2W
ChangeServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
GetServiceKeyNameW
EnumServicesStatusW
OpenSCManagerW
QueryServiceStatus
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetServiceDisplayNameW
CloseServiceHandle
LsaEnumerateAccountRights
LsaAddAccountRights
FreeSid
LsaLookupSids
LsaClose
LsaLookupNames
LsaFreeMemory
IsValidSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaOpenPolicy
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteExW

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e14388498639688dc750895bc5ef963a

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

comdlg32

advapi32

shell32

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 152KB - Virtual size: 151KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 152KB - Virtual size: 151KB