12382647138[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

12382647138.zip
Size

263.6MB
MD5

cc94c69dfd0794428e1d448db81f4dfb
SHA1

b4d0cc086dbd22248b14a83bc0746cf8cfae75ef
SHA256

5fc40eadea89caa71da574818fa530b56f49808234147e8da1b5cd9cca3a9803
SHA512

12a8847d774ed1fcbcd5dafe0ea6019fcd90ae04fda0a2a1042aadc59323519fbf8b92998499ee52b23fb095d5e38b9c2e22c06a7259220bf5be21b6009fbf4e
SSDEEP

6291456:IA9Dyw9HLBWKqHgBM3b7q8Zz6RWfzxLNUoCpIIu0JhEOE8OXcdtEkUxC1QV:V9DhH1FB6VZ2RKzdwjNJ7E1cdtEkGCSV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6ed5fd952590198345da3ee14450c862e6635534774642688b618e6858ef1144

Files

12382647138.zip
.zip

Password: infected
6ed5fd952590198345da3ee14450c862e6635534774642688b618e6858ef1144
.exe windows:5 windows x64

Password: infected

27fbcae0191afd23bb2212d02d1d51a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

crypt32

CertCloseStore

iphlpapi

ConvertInterfaceIndexToLuid

kernel32

GetVersion
GetVersionExW
GetCurrentProcess
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

___lc_codepage_func

ole32

CoCreateInstance

psapi

GetProcessMemoryInfo

user32

DispatchMessageA
CharUpperBuffW

userenv

GetUserProfileDirectoryW

ws2_32

FreeAddrInfoW

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 769KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code0
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

27fbcae0191afd23bb2212d02d1d51a4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

iphlpapi

kernel32

msvcrt

ole32

psapi

user32

userenv

ws2_32

wtsapi32

Sections

.text Size: - Virtual size: 4.4MB

.data Size: - Virtual size: 42KB

.rdata Size: - Virtual size: 769KB

.pdata Size: - Virtual size: 165KB

.xdata Size: - Virtual size: 193KB

.bss Size: - Virtual size: 3.3MB

.idata Size: - Virtual size: 16KB

.CRT Size: - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.code0 Size: - Virtual size: 2.7MB

.code1 Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 512B - Virtual size: 48B

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: - Virtual size: 4.4MB

.data
Size: - Virtual size: 42KB

.rdata
Size: - Virtual size: 769KB

.pdata
Size: - Virtual size: 165KB

.xdata
Size: - Virtual size: 193KB

.bss
Size: - Virtual size: 3.3MB

.idata
Size: - Virtual size: 16KB

.CRT
Size: - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.code0
Size: - Virtual size: 2.7MB

.code1
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 512B - Virtual size: 48B

.rsrc
Size: 48KB - Virtual size: 47KB