b41dbb0880211b8bef437aa9a541f6cd1c15be6ed33f604571d5aea2f4c5da1e[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

b41dbb0880211b8bef437aa9a541f6cd1c15be6ed33f604571d5aea2f4c5da1e.zip
Size

128KB
MD5

529b1bde0e9077ec7f06cb84d599bb11
SHA1

f766a849a59c437aa797450abc2ae45da3e533a6
SHA256

4e9c40a3934f2918ea6ab923e41c09d260bf93a46cc1b79b32daee478cf65212
SHA512

72b2de0caee87691424e25c5e8b6e24bb663a2f657798764feee4db427f908cad20cd1a13b7d9f9f68c4e4e4fc5e388fa65f43f27ccdf691beecb2d46fa59213
SSDEEP

3072:8nPfHJUxyupcdEh4hy77RmGW4N2ZNutAsOgMqRODxRygh/:8JayumdEhmyfk5NK8yROxwgh/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b41dbb0880211b8bef437aa9a541f6cd1c15be6ed33f604571d5aea2f4c5da1e.exe

Files

b41dbb0880211b8bef437aa9a541f6cd1c15be6ed33f604571d5aea2f4c5da1e.zip
.zip

Password: infected
b41dbb0880211b8bef437aa9a541f6cd1c15be6ed33f604571d5aea2f4c5da1e.exe
.exe windows:5 windows x86

Password: infected

1a993c5a381c8e12968253c74a42dfae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleInputW
GetModuleHandleExA
GetConsoleAliasExesA
GetDriveTypeW
CommConfigDialogA
WriteConsoleOutputCharacterA
FindResourceW
GetEnvironmentStringsW
WriteConsoleInputA
SetComputerNameW
UnlockFileEx
GenerateConsoleCtrlEvent
GetCompressedFileSizeW
WaitNamedPipeW
GetCommandLineA
GlobalAlloc
LoadLibraryW
GetLocaleInfoW
CopyFileW
SetConsoleCP
GetConsoleAliasW
GetWriteWatch
GetFileAttributesW
ReplaceFileW
ReadFile
FindNextVolumeMountPointW
SetConsoleTitleA
DeactivateActCtx
GetShortPathNameA
GetConsoleAliasesW
GetStartupInfoA
FindFirstFileA
GetLastError
SetLastError
SetDefaultCommConfigA
VerLanguageNameA
SetVolumeLabelW
MoveFileW
RemoveDirectoryA
CopyFileA
EnumSystemCodePagesW
FreeUserPhysicalPages
GetTempFileNameA
GetProcessVersion
FindClose
AddAtomW
CreateEventW
HeapLock
GetCommMask
SetThreadIdealProcessor
FoldStringA
GetSystemInfo
FindNextFileA
GetModuleHandleA
GetCommTimeouts
lstrcatW
FindNextFileW
VirtualProtect
QueryPerformanceFrequency
PeekConsoleInputA
OpenSemaphoreW
ReadConsoleInputW
GetWindowsDirectoryW
MoveFileWithProgressW
GlobalAddAtomW
EnumSystemLocalesW
lstrcpyW
DeleteFileA
CreateFileW
WriteConsoleW
ReadConsoleOutputCharacterA
GetVolumeNameForVolumeMountPointA
WideCharToMultiByte
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
HeapReAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
WriteFile
GetModuleFileNameW
CloseHandle
FreeEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
RtlUnwind
HeapSize
SetStdHandle
FlushFileBuffers

user32

CharUpperW

advapi32

AbortSystemShutdownW

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1a993c5a381c8e12968253c74a42dfae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 225KB - Virtual size: 225KB

.data Size: 6KB - Virtual size: 3.5MB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 225KB - Virtual size: 225KB

.data
Size: 6KB - Virtual size: 3.5MB

.rsrc
Size: 25KB - Virtual size: 25KB