ZeusBankingVersion_26Nov2013[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ZeusBankingVersion_26Nov2013.zip
Size

171KB
MD5

858e2aed6ba9b096679967da540d40c3
SHA1

aaf400b8510beaae9f5c09b60c3e099ca1239f1c
SHA256

4644b5fb10fb84c0d47bec4b5a48d5e60165e8ae2130fca5c055633aaad73162
SHA512

95545f8c022a12bbfd6fa5db05319e015da529d90342918259176539163d4abeb2f4fd429e391ff37c37de5d654a1259199dc67e010caf2c3108b706c6548af5
SSDEEP

3072:s2f7LeD2rcEE4U3FlrEKOAPoI5KUOqqJti2SAGBJMrUXz+qET12O:s+YqIDEKToI5x4i2Sdpz+/X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/invoice_2318362983713_823931342io.pdf.exe

Files

ZeusBankingVersion_26Nov2013.zip
.zip

Password: infected
invoice_2318362983713_823931342io.pdf.exe
.exe windows:5 windows x86

Password: infected

308fe2649c586660c71bc787d65e54fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveArgsA
StrCmpNIA
PathMatchSpecW
IsCharSpaceA
PathMakeSystemFolderA
PathIsRelativeA
PathIsSameRootA
PathParseIconLocationW
PathIsUNCServerA
ord14
ChrCmpIW
PathAddExtensionW
PathCombineW
PathQuoteSpacesA
ord157
PathIsRootW
ord29
PathRenameExtensionA
PathIsPrefixA
PathRelativePathToW
ChrCmpIA

kernel32

GetPrivateProfileIntW
LocalFree
WinExec
DeleteCriticalSection
GetUserDefaultUILanguage
FindNextFileA
GetOEMCP
SetCurrentDirectoryW
LocalAlloc
CreateFileMappingA
GetCompressedFileSizeA
GetEnvironmentVariableA
GetConsoleAliasExesLengthW
SizeofResource
GetDriveTypeA
WriteFile
VirtualQueryEx
IsBadReadPtr
GetCurrentThread
GetTickCount
LocalUnlock
GetEnvironmentVariableW
GetSystemDefaultUILanguage
FreeLibrary
GlobalAddAtomA
HeapFree
GetLogicalDrives
GetSystemDefaultLCID
GetModuleHandleW

user32

CallWindowProcW
GetProcessDefaultLayout
UpdateWindow
GetClipboardOwner
AppendMenuA
GetCaretPos
GetSysColor
DestroyCursor
GetClipboardData
GetScrollInfo
FlashWindowEx
GetAsyncKeyState
SetLastErrorEx
InflateRect
GetCapture
EnumClipboardFormats
ShowCaret
CopyAcceleratorTableA
IsWindowEnabled
DdeQueryNextServer
LoadBitmapA
DeleteMenu
HideCaret
GetWindowTextLengthW
SwapMouseButton
VkKeyScanA
AllowSetForegroundWindow

Exports

Exports

?AidsvowsBootFaysGiveCuesmadslallcarlwot@@YGXACMACUPelfOdasbachSlitfogymug@@UIniaAmiaMeedfohfe@@PCUDelsYagiNesskopen@@AC_W@Z
?HermArcoludeUmpsjiaoTareOhmsLimetumpdentdellAlifboosmy@@YGEACHUtagLOGFONTA@@PCU_SECURITY_ATTRIBUTES@@PCGUSagsduetLowechies@@PCUGrayEyneCombpupen@@I@Z
?MayoapoddrekheftExedqueyAlkypap@@YGXACUFlatmisscolyHantOldyspy@@UDecoappsSarigatet@@ACUtagMSG@@ACJACEHD@Z
?NegsgirlGhisKikeMeouCapeLimoslitcobsafarRyotkindbahpi@@YGEPCUDiteDadaArtyMuniod@@PCG@Z
?OilspocoShopGlutNapeTyroapedfiscjo@@YGGXZ
?PhatStumgatsli@@YGGN@Z
?RipewindCoofdoryYockFrogPertDuadfansLekezoeabranOkaydot@@YGGACUKinkKithHethon@@PCH@Z
?SpryBursApedfohnBangbes@@YGXPCIPCKUSobacruxboltRant@@ACUtagLOGBRUSH@@ACU_GUID@@H@Z
?StawpelfOdasbachSlitfogywipeIniaMeedfoh@@YGGACUtagBITMAP@@PCUtagRECT@@UDelsYagiNessBrisganaa@@PCIACKUtagLOGFONTA@@ACH@Z
?ZitsLakhmushKithHethGapeuveaMunsNoonRandJuteHuntFiconom@@YGXUHearWheymu@@D@Z
?solidStroke@@YGKXZ
AsksmaceaglyBubuPulsKaifTeasMistPeelGhisPrimChaoLyreroeno
BagsSpicDollBikeAzonPoopHamsPyasmap
BardHolyawe
BathEftsDawnvilepughThroCymakohloverMitefuzerat
BemaCadsPodsWavyCedeRadsbrioOustPerefenom
BullbonyaweeWaitsnugTierDriblibye
CameValeWauler
CedeSalsshulLimyThroliraValeDonabox
CellrotoCrudUntohighCols
DenyLubeDunssawsOresvarut
DragRoutflusCrowPeatmownNewsyaksSerfmare
Dumpcotsavo
DungBadebankBangGelthoboCocaBozotsksWheyVaryShoghoseNipsCadisi
ExitRollWoodGumsgamaSloerevsWussletssinkYearZitiryesHypout
FociTalcileador
GeneAilshe
GhisGoodHowlCoonCigscateged
GimpWadsdashHoraYardSeatDeanScanscowRantKeasfib
Haesourfe
HoggSoonLasstwaeNapeCeilBawlscopdub
Icontellnoway
ImidslatJokyCombdrubChefBilkSale
IzararfsFlamWostAirsconsMouefemelallPoretweeSacsOxidMinx
JabsNaveFateLariManyLeeksecshiesBawlwoo
KatsDoreOmerBetsKoraKeef
KineChamLows
LeerMiff
MaarSectFiscNextMattbamsErasnimstoeaBadshon
MarkMokeOsesShwaSkegpornlimemim
MeanOrrabirogirtWorkGawpSassPirnVinoLotaPledEidefe
NextLoveOralwanySurfhm
NisiBoyolineJiaoveryObiaowedblamHaetMaulweensky
OastcabskamiKartDumbInksSomsMass
PeckQuinFillrillsaw
RamilimaputtHastJobs
RemsSlaySoreAnoaaxalbuffusesemeuMapsyogaHangLoud
RidsFineZingMickMomsdue
SeminerdsoloseenYaginobox
SiretomsbritGrewIckyNapaLumsBoaren
SlabKitsSlayseptPfftjiffSabsdeskOafsNowtMemsKirnKepiMiffDunt
SoldKartAgueiliaRushWauldhal
SuitplieGunsMaidBaitFeusJiaotodycolyAlbsLuneToyspe
SungActaKopsMaarposyparefuzedeck
ToeaTailecusGeesSoliCadeSpueEndsPlaykaphall
Vavsrubepodsjadebrooli
VeerCrawFlateel
WainMeekPinyWonkpooflaudsir
WhopTestrangrapsdebsTzarNipaYins
YeukMags
ZetaBeduPirnhipsjailTingSrisTeleAposhuskNameHoerflagemuwo

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

308fe2649c586660c71bc787d65e54fd

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 74KB - Virtual size: 74KB

.itext Size: 2KB - Virtual size: 2KB

.pdata Size: 95KB - Virtual size: 95KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 74KB - Virtual size: 74KB

.itext
Size: 2KB - Virtual size: 2KB

.pdata
Size: 95KB - Virtual size: 95KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 5KB - Virtual size: 5KB