HTVT-sam[.]zip

General

Target

HTVT-sam.zip
Size

133KB
MD5

d5ba827df473af01892f59921687b6e5
SHA1

7ecfe1319a4e684fbbc7313e010002a3ae0705cf
SHA256

578635de63e9659f4f116f8da37d6ac697fe39908c28528bc804d1adfcb6909c
SHA512

b8f43dfa05e71db7eb204492b6100962a960a57c9062cd80ccc7d4ffdb892fc0f83d776149db37b2f360ded50c12ec205a2f10b35927b67c75b8096996db0af2
SSDEEP

3072:YW5FqzSSLmb0JJAWh9nh77dFwGbH/sT8fI9i4:fCmSKQJS21sGbH/2s94

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0462e204f406465b435962b13689d999dc9cf084c33afc7d454d6955b85e40ad

Files

HTVT-sam.zip
.zip

Password: infected
0462e204f406465b435962b13689d999dc9cf084c33afc7d454d6955b85e40ad
.exe windows:5 windows x86

cc85afa907c18d45be6a9d16f3a8941b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenJobObjectA
WaitForSingleObject
Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetModuleHandleA
FreeConsole
GetLastError
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetCommandLineA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jnqz
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

cc85afa907c18d45be6a9d16f3a8941b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 64KB - Virtual size: 64KB

.jnqz Size: 512B - Virtual size: 44B

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 222KB - Virtual size: 221KB

.text
Size: 64KB - Virtual size: 64KB

.jnqz
Size: 512B - Virtual size: 44B

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 222KB - Virtual size: 221KB