69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c.zip
Size

220KB
MD5

e8b79ed5a785d48bca5cfa1bc5e048a5
SHA1

dff912acb42c27a46dd2f99d504ff0e4727cfe16
SHA256

f30c5ed2af4436ac9fd0a2111f8893a91c9062329039f0ed2855319d8c24d1df
SHA512

cf6c031cc387602924c3849e16cd9d35481c8e84f9d7875d8c3b46db367d7150bdf09210c3875d9136502c5b7c3c67882a5be3d4832d7c3374fc294ccd0bed21
SSDEEP

6144:njAJpJ9l2Lyuq0biRX8pefY2tEvs/EB9OFWiCStoNIIIg83d:jAJG+dimyey9I9oNWt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/thegradcafe.exe

resource
unpack002/thegradcafe.exe

Files

69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c.zip
.zip

Password: infected
69ce9bbdf3bd19b420ae8649e8c14348ca006db84643d2d7e16ee890e0fa706c
.zip
thegradcafe.exe
.exe windows:5 windows x86

e42eabfadf9f96d4882573fb3a454a32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown

gdi32

GetOutlineTextMetricsW
LineTo
ExtCreateRegion
GdiSetBatchLimit
GetBrushOrgEx
EqualRgn
FrameRgn

kernel32

GetModuleFileNameA
VirtualFreeEx
GetUserDefaultLangID
FillConsoleOutputCharacterA
EnumSystemGeoID
GetCompressedFileSizeA
LockFile
FormatMessageW
DeviceIoControl
GetFileTime
GetNLSVersion
LoadLibraryW
GetConsoleTitleA
GetModuleHandleA
GlobalFindAtomA
GetCurrentConsoleFont
VirtualUnlock
FormatMessageA
EnumResourceNamesW
GlobalAddAtomA
GetVolumeNameForVolumeMountPointW
GetStringTypeExW
Module32NextW
DeleteCriticalSection
GetStringTypeExA
DefineDosDeviceW
GetVolumePathNameW
GetLogicalDrives
LockFileEx
DeleteTimerQueue
GetLastError
GetModuleFileNameW
GetComputerNameExW
VirtualProtectEx

user32

GetCursor
GetFocus
IsZoomed
GetSystemMenu
GetUpdateRect
FindWindowA
DialogBoxParamW
DrawStateW
InsertMenuItemA
DeferWindowPos
LoadCursorA
GetMessagePos
GetProcessDefaultLayout
GetTitleBarInfo
GetDlgCtrlID

advapi32

GetFileSecurityA
LookupPrivilegeDisplayNameA
LockServiceDatabase

mscms

GetStandardColorSpaceProfileW

msvcrt

vfwprintf
tolower
free

secur32

DeleteSecurityContext

shell32

FindExecutableA

wininet

DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

powrprof

GetCurrentPowerPolicies

urlmon

MkParseDisplayNameEx

winspool.drv

DeletePrinterDriverExW

comdlg32

GetFileTitleW

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e42eabfadf9f96d4882573fb3a454a32

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

gdi32

kernel32

user32

advapi32

mscms

msvcrt

secur32

shell32

wininet

powrprof

urlmon

winspool.drv

comdlg32

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 36KB - Virtual size: 45KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 36KB - Virtual size: 45KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB