Static task
static1
Behavioral task
behavioral1
Sample
entry001/200220151240.jpg.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
entry001/200220151240.jpg.exe
Resource
win10v2004-20230915-en
General
-
Target
file_0e1543b44fc7470faa030e7d3c2fa2fc_2023-09-18_09_19_59_077000.zip
-
Size
1021KB
-
MD5
9b0aa4d86f870ec3647e000cb0816c61
-
SHA1
4321dcf412f8f5fb6fdba034eae0f117f95353ce
-
SHA256
05f45966adedf12871b14d5c1907160892a6b079d7010168303c77db788998c9
-
SHA512
2a75d0b039294bd268fb4722a0d8b9e50a2f021afdbb08c8098ed63a10cb1c769df5381cf972f0291820df436cfdd36214277f13d2e4ba7c06178f8399540ee1
-
SSDEEP
24576:tNFv+uQ+qtikPLKuyIj6VvEQ4bWAvA3eu2l6cO:zsuPq0kT5+VMJWAY3e9scO
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource unpack001/entry001/200220151240.jpg.exe
Files
-
file_0e1543b44fc7470faa030e7d3c2fa2fc_2023-09-18_09_19_59_077000.zip.zip
-
entry001/200220151240.jpg.exe.exe windows:5 windows x86
18aabd61279e6cec11a74a4209289593
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
connect
socket
gethostbyname
bind
getsockname
recv
send
WSAGetLastError
shutdown
closesocket
__WSAFDIsSet
select
htons
inet_addr
inet_ntoa
ntohs
ioctlsocket
setsockopt
WSAStartup
crypt32
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CertCloseStore
CryptDecryptMessage
CertOpenStore
CryptSignMessage
CryptEncodeObject
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CryptEncryptMessage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertSetCertificateContextProperty
CertNameToStrW
CryptDecodeObject
CertCreateCertificateContext
CryptMsgControl
shlwapi
PathCombineA
SHDeleteKeyA
PathFindExtensionA
wininet
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
kernel32
GetConsoleCP
HeapSize
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetModuleHandleA
FindFirstFileA
FindClose
FindNextFileA
SetErrorMode
ExpandEnvironmentStringsA
CopyFileA
GetModuleFileNameA
WaitForMultipleObjects
CreateThread
GetComputerNameA
Sleep
ExitThread
GetLogicalDriveStringsA
GetDriveTypeA
LocalFree
GetLastError
SystemTimeToFileTime
CompareFileTime
GetConsoleMode
GetSystemTime
GetLocalTime
FileTimeToLocalFileTime
GetTickCount
GetACP
GetOEMCP
FormatMessageA
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathW
GetTempPathA
DeleteFileW
DeleteFileA
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
CreateFileA
SetFilePointer
CloseHandle
GetFileTime
ReadFile
GetProcessHeap
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
GetVersionExA
CreateFileW
GetProcAddress
LoadLibraryA
FreeLibrary
RaiseException
HeapAlloc
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
VirtualAlloc
HeapReAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
WriteFile
GetCommandLineA
GetStartupInfoA
RtlUnwind
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
user32
DefWindowProcA
TranslateMessage
DispatchMessageA
RegisterClassExA
GetMessageA
GetSysColorBrush
CreateWindowExA
advapi32
CryptDestroyKey
CryptExportKey
CryptGetProvParam
CryptEnumProvidersA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CryptGetUserKey
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 405KB - Virtual size: 405KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 82KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 140KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tiqeqaz Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nrqfksm Size: 31KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qtkksig Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ledgqmm Size: 31KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zapjqyr Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sbysjjo Size: 31KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
efxlkrc Size: 30KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ofksgjw Size: 478KB - Virtual size: 480KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
manifest.json