Static task: static1
Behavioral task: behavioral1
Sample: 1e87d2cbc136d9695b59e67f37035a45a9ad30f5fccc216387a03c0a62afa9d4.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 1e87d2cbc136d9695b59e67f37035a45a9ad30f5fccc216387a03c0a62afa9d4.exe
Resource: win10v2004-20230915-en
General
- Target: 1e87d2cbc136d9695b59e67f37035a45a9ad30f5fccc216387a03c0a62afa9d4.zip
- Size: 16KB
- MD5: 6e6137868ca3e145aec235aa029e57ea
- SHA1: d15bf52b395c14c9954316c46abbfa8a31feb73d
- SHA256: 3fa6bde28348f0f646e93455f8e6cf1ee063f044fc9199a2e785557d61dc73c4
- SHA512: 002edf3c02cf1c5bbdaad2d5a8ab69ee4f952c6dad5f680fb4812eabdbc00451cdf100f6dfaada90d7d4da8e699578d23ec96f9a14b799b501f745e71c1baac5
- SSDEEP: 384:0iNZeKpEEUoPL25zGj4yW2v8vYuHxC9oGsPX4Rdb/+B:0sv7D2stW+8zAs/kbs
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: unpack001/1e87d2cbc136d9695b59e67f37035a45a9ad30f5fccc216387a03c0a62afa9d4
Files
- 1e87d2cbc136d9695b59e67f37035a45a9ad30f5fccc216387a03c0a62afa9d4.zip.zip (Password: threatbook)
- 1e87d2cbc136d9695b59e67f37035a45a9ad30f5fccc216387a03c0a62afa9d4.exe windows:5 windows x86 (Password: threatbook)
  b750c9f88f4a266f248ff8ddbf3a4ad2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
socket
htons
WSAStartup
connect
recv
gethostbyname
closesocket
WSACleanup
send
kernel32
GetLastError
CreateMutexW
SetLastError
ExitProcess
GetExitCodeThread
WaitForSingleObject
Sleep
LoadLibraryA
DeleteFileA
ResumeThread
CreateProcessA
ReadFile
GetFileSize
WriteFile
SetFilePointer
CreateFileA
ExitThread
GetCurrentProcess
GetProcAddress
GetModuleHandleA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
ReleaseMutex
GetVersionExW
DeleteFileW
GetTickCount
CreateFileW
MultiByteToWideChar
GetVolumeInformationW
WriteProcessMemory
ReadProcessMemory
VirtualAlloc
VirtualProtect
VirtualQuery
OpenProcess
VirtualFreeEx
VirtualAllocEx
CreateRemoteThread
CreateProcessW
CopyFileW
GetModuleFileNameW
CloseHandle
ResetEvent
SetEvent
OpenEventW
CreateEventW
LocalAlloc
FindClose
FindNextFileW
GetFileAttributesW
FindFirstFileW
SetFileAttributesW
CreateThread
VirtualFree
GetProcessHeap
HeapFree
HeapAlloc
ntdll
wcsstr
wcsncat
strspn
strpbrk
_strnicmp
memcpy
memset
_chkstk
strncmp
strstr
wininet
InternetOpenA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
shell32
SHGetFileInfoW
user32
DefWindowProcW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
MessageBoxA
advapi32
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
InitializeSecurityDescriptor
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
ole32
CoUninitialize
CoCreateInstance
CoInitialize
CLSIDFromString
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ