231020-qd933sdb38_pw_infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

231020-qd933sdb38_pw_infected.zip
Size

322KB
MD5

75a0e510749a3efbce771aba795f6d6f
SHA1

5a3b6d4ac6c0a0e3e881067e69e5f8f153c79544
SHA256

42f79a145975263ab560a26a42b5707ef92284d1d7c090bf115e1656bc3b8414
SHA512

d4b534a2b79bc182babf533929ca702b75821754fe5b53d47d121a3718216ec7392792bb880dc0bb0f3c785de7c10a88a779ef1f749e85083bd70a6357e28486
SSDEEP

6144:1KqIP689EesnjcAqUNqftRfLXnwP4boUm9KNP/vIBI/MEH+v218:cCmZftRfLXnjoUmkP/cI/MESA8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c4d39db132b92514085fe269db90511484b7abe4620286f6b0a30aa475f64c3e

Files

231020-qd933sdb38_pw_infected.zip
.zip

Password: infected
c4d39db132b92514085fe269db90511484b7abe4620286f6b0a30aa475f64c3e
.exe windows:4 windows x64

f77c5676d5c99563373eadafab25dc94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CloseServiceHandle
ControlService
EnumDependentServicesW
EnumServicesStatusW
FreeSid
OpenSCManagerW
OpenServiceW
SetEntriesInAclW
SetNamedSecurityInfoW
SystemFunction036

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CloseHandle
CreateFileMappingA
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
DuplicateHandle
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDriveTypeW
GetEnvironmentVariableW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDriveStringsW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemInfo
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
LocalFree
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OpenProcess
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
SetFileAttributesW
SetFilePointerEx
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
WaitForSingleObject
WaitForSingleObjectEx
WriteConsoleW
DeleteCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlAddFunctionTable
RtlUnwindEx
RtlVirtualUnwind
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

netapi32

NetApiBufferFree
NetServerEnum
NetShareEnum

shell32

ShellExecuteA

bcrypt

BCryptGenRandom

msvcrt

__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_lock
_onexit
_unlock
abort
atexit
calloc
exit
fprintf
free
fwrite
malloc
signal
strncmp
vfprintf

ntdll

NtCancelIoFileEx
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError
__C_specific_handler
memcmp
memcpy
memmove
memset
pow
strlen

Sections

.text
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

f77c5676d5c99563373eadafab25dc94

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

netapi32

shell32

bcrypt

msvcrt

ntdll

Sections

.text Size: 519KB - Virtual size: 518KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 59KB - Virtual size: 58KB

.pdata Size: 13KB - Virtual size: 13KB

.xdata Size: 19KB - Virtual size: 19KB

.bss Size: - Virtual size: 2KB

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 104B

.text
Size: 519KB - Virtual size: 518KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 59KB - Virtual size: 58KB

.pdata
Size: 13KB - Virtual size: 13KB

.xdata
Size: 19KB - Virtual size: 19KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 104B