MDE_File_Sample_d5b098e84de345012434783879efb3b8bd64f9ec669b11dd244e4e1594a7c228 (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_d5b098e84de345012434783879efb3b8bd64f9ec669b11dd244e4e1594a7c228 (1).zip
Size

72KB
MD5

367ae6d65518999b22a90bfb5cf2d9c7
SHA1

235a5cc30bb95d9c36e2ec34a4406f68547c89b9
SHA256

f4e417aaa9668afb727cd67d502dca773be3e341f8e4dc9d40eaaf98b9ca6c2f
SHA512

a70318553c071c0af93c3d963b4e457298520f6a82d8fbbf112c49fef43affacd958694940727e0ce8324b9ed7c150d6cd85e891c8faeb760ec6e0cedf5722f0
SSDEEP

1536:RIQTKup4RKusFGK7IEeK9e2fD6W9Dkd8ehbIKwm2J/sX8L9ElyqSX:yQGIFdDeAeojehbIt/KDId

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3ef001c04cbd424a7d0b305bab7fd742ad57101b

Files

MDE_File_Sample_d5b098e84de345012434783879efb3b8bd64f9ec669b11dd244e4e1594a7c228 (1).zip
.zip

Password: infected
3ef001c04cbd424a7d0b305bab7fd742ad57101b
.exe windows:4 windows x64

Password: infected

625ba6ffd588d9d4366b5f9b15bd7045

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

iphlpapi

GetIpAddrTable

kernel32

CloseHandle
CompareFileTime
CreateEventA
CreateFileA
CreateMutexA
CreateProcessA
CreateThread
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitThread
FormatMessageA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLocalTime
GetModuleFileNameA
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
LocalSize
MoveFileA
OpenProcess
QueryPerformanceCounter
ReadFile
ReleaseMutex
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryA
SetEndOfFile
SetEvent
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile

msvcrt

__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_stat64
_strcmpi
_unlock
_time64
abort
atoi
calloc
exit
fprintf
free
fwrite
localtime
malloc
memcmp
memcpy
memset
printf
putchar
puts
signal
sprintf
strcat
strcmp
strcpy
strftime
strlen
strncmp
strstr
toupper
vfprintf

psapi

EnumProcesses
GetModuleBaseNameA

user32

wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
gethostname
htons
inet_ntoa
recv
send
shutdown
socket

libcrypto-1_1-x64

ASN1_STRING_get0_data
ASN1_STRING_length
ASN1_item_d2i
BIO_ctrl
BIO_free
BIO_new_accept
BIO_new_file
BIO_pop
ERR_error_string
ERR_get_error
OBJ_nid2sn
OBJ_obj2nid
OPENSSL_sk_num
OPENSSL_sk_value
OpenSSL_version
PEM_read_bio_DHparams
RAND_load_file
X509V3_EXT_get
X509_EXTENSION_get_data
X509_EXTENSION_get_object
X509_NAME_get_text_by_NID
X509_NAME_oneline
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_free
X509_get_ext
X509_get_ext_count
X509_get_issuer_name
X509_get_subject_name
X509_verify_cert_error_string

libssl-1_1-x64

OPENSSL_init_ssl
SSL_CTX_load_verify_locations
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_default_passwd_cb_userdata
SSL_CTX_set_default_verify_paths
SSL_CTX_set_options
SSL_CTX_set_tmp_dh_callback
SSL_CTX_set_verify
SSL_CTX_set_verify_depth
SSL_CTX_use_PrivateKey_file
SSL_CTX_use_certificate_chain_file
SSL_accept
SSL_clear
SSL_free
SSL_get_peer_certificate
SSL_get_shutdown
SSL_get_verify_result
SSL_new
SSL_read
SSL_set_accept_state
SSL_set_bio
SSL_shutdown
SSL_write
TLS_method

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

625ba6ffd588d9d4366b5f9b15bd7045

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

psapi

user32

version

wsock32

libcrypto-1_1-x64

libssl-1_1-x64

Sections

.text Size: 49KB - Virtual size: 49KB

.data Size: 512B - Virtual size: 272B

.rdata Size: 13KB - Virtual size: 13KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 5KB

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 680B

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 49KB - Virtual size: 49KB

/31 Size: 7KB - Virtual size: 6KB

/45 Size: 7KB - Virtual size: 6KB

/57 Size: 3KB - Virtual size: 2KB

/70 Size: 1024B - Virtual size: 804B

/81 Size: 12KB - Virtual size: 11KB

/92 Size: 1KB - Virtual size: 1KB

.text
Size: 49KB - Virtual size: 49KB

.data
Size: 512B - Virtual size: 272B

.rdata
Size: 13KB - Virtual size: 13KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 5KB

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 680B

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 49KB - Virtual size: 49KB

/31
Size: 7KB - Virtual size: 6KB

/45
Size: 7KB - Virtual size: 6KB

/57
Size: 3KB - Virtual size: 2KB

/70
Size: 1024B - Virtual size: 804B

/81
Size: 12KB - Virtual size: 11KB

/92
Size: 1KB - Virtual size: 1KB