12254962144[.]zip

Resubmissions

12/10/2023, 10:14

231012-l9zj1aee56 3

12/10/2023, 10:11

231012-l78pwsce2z 3

Sharing

Copy URL Twitter E-mail

General

Target

12254962144.zip
Size

621KB
MD5

80d0d92436ca08735935f99e9a7f966b
SHA1

7cb81654820a0a8b20b402ba433739e248f30152
SHA256

197baea75e1ddcbb26eab235df3ea172454647af8d9dc441e0bb3fff0756024c
SHA512

9ff9172ac05e3132d9351210d9be682c194d8132abe6c403e2db9a4005d7632a31c80639f080c69ab8a1d06f21b92051c7b31dc264e03b0082f5395262cb94ad
SSDEEP

12288:0Gxs1kQufEwTTqfToQeGoeyTDAp1Mi0PM0k7ItA+TP969CZhdgIvn0C/+knW:0wQ0LQPjyTa1MiQTtjwSdFv0EW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6355a5d88ee73eefd354cfcfa3e4c70d61df171d47a067e4009a6282f2ed8558

Files

12254962144.zip
.zip

Password: infected
6355a5d88ee73eefd354cfcfa3e4c70d61df171d47a067e4009a6282f2ed8558
.dll windows:6 windows x64

57cc3398ef3e7b7c5f0c5909f3fc92d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSectionEx
HeapSize
MultiByteToWideChar
Sleep
GetFileInformationByHandle
GetLastError
DeleteFileW
HeapReAlloc
RaiseException
HeapAlloc
HeapFree
DeleteCriticalSection
ExitProcess
GetProcessHeap
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
WriteConsoleW
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
GetTickCount
GetFileSize
CloseHandle
CreateEventW
CreateFileW
WriteFile
ReadFile
HeapDestroy
CreateDirectoryW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
CompareStringW
GetConsoleCP
GetFileType
GetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetACP
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleFileNameA
GetModuleHandleExW
VirtualQuery
VirtualProtect
VirtualAlloc
SetLastError
InterlockedFlushSList
SetEvent
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
GetSystemInfo
LoadLibraryW
HeapCompact
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwindEx

user32

GetDC
ReleaseDC
MessageBoxW
GetForegroundWindow

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetDeviceCaps
GetObjectW
DeleteObject
DeleteDC
BitBlt

shell32

ShellExecuteExW

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantClear

secur32

GetUserNameExW

winhttp

WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpOpen
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders

shlwapi

PathFindFileNameW
PathFindExtensionW

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdiplusShutdown
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 925KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

57cc3398ef3e7b7c5f0c5909f3fc92d3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

secur32

winhttp

shlwapi

gdiplus

Exports

Exports

Sections

.text Size: 925KB - Virtual size: 924KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 16KB - Virtual size: 22KB

.pdata Size: 44KB - Virtual size: 43KB

.gfids Size: 512B - Virtual size: 244B

.tls Size: 512B - Virtual size: 9B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 925KB - Virtual size: 924KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 16KB - Virtual size: 22KB

.pdata
Size: 44KB - Virtual size: 43KB

.gfids
Size: 512B - Virtual size: 244B

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 4KB - Virtual size: 4KB