file_e3dc112920ed4fdba2d75c07aec18643_2023-09-28_09_07_41_228000[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

file_e3dc112920ed4fdba2d75c07aec18643_2023-09-28_09_07_41_228000.zip
Size

7KB
MD5

93a1e2ce68de3b7fdc5dc075df3e1f45
SHA1

6807e56336f32377363e7dcd77cdd88ec8c05732
SHA256

0c05719675d3003f4a248b198b349b772d4558cfe53dd938cb51ba24b3c4f57b
SHA512

f05c449de8a2ff59e3a8e78f57d556d372c98cbea12bc96f3920eab0e37e07a076bf7f3431803f9bf7998391d317b7464a1739373fce61aa1a8298cd756eaa2f
SSDEEP

192:JqTtI6xe95svDswVN2xndAQzlHRgaLlF5GhP2u:JGZx7bxPKdAOVVeV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/entry_1_0/windbg.exe

Files

file_e3dc112920ed4fdba2d75c07aec18643_2023-09-28_09_07_41_228000.zip
.zip
entry_1_0/windbg.exe
.exe windows:6 windows x64

3c462a5dae4292289426cde61f1e4fcb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
GetTickCount
GetModuleFileNameA
HeapCreate
HeapReAlloc
CreateThread
HeapAlloc
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
TerminateProcess
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
QueryPerformanceCounter

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memset
memcpy

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
__p___argc
_exit
_initterm_e
_initialize_onexit_table
_register_onexit_function
_c_exit
terminate
_seh_filter_exe
_initterm
exit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_cexit
_crt_atexit
__p___argv
_set_app_type

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
fgets
fopen
fclose

api-ms-win-crt-filesystem-l1-1-0

_access

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

3c462a5dae4292289426cde61f1e4fcb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 9KB

.pdata Size: 1024B - Virtual size: 528B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 9KB

.pdata
Size: 1024B - Virtual size: 528B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 48B