cd75ec475d26200d951c6c02b8de75fa2a5d24f3eb3747810b693e5f1803dfbe[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

cd75ec475d26200d951c6c02b8de75fa2a5d24f3eb3747810b693e5f1803dfbe.exe.zip
Size

4.9MB
MD5

ed02edf715e337e759c89fdd3ceb0dfb
SHA1

107158bf8152153646e3162566b9e36e39edc587
SHA256

bbcaa6c4b13b48710d7aa719de21b2fb91a5151f81b37c3ad402860dca3d8fa7
SHA512

f0213ecfaf085a16b47a45c819c6489d61238f6449139be7e9eb13d5f6616e2d4d99ad7f005c8edfd6662779b27d85204ec149213f3d7ec304dd23b84748bb9a
SSDEEP

98304:B4AZsyUvjKeuxxu7nfFuVmBeEw3JboQX0l222kxerRf5/LackDdnoXff:B4UUkxED7gZEH7eDLavdn+ff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cd75ec475d26200d951c6c02b8de75fa2a5d24f3eb3747810b693e5f1803dfbe.exe

Files

cd75ec475d26200d951c6c02b8de75fa2a5d24f3eb3747810b693e5f1803dfbe.exe.zip
.zip

Password: infected
cd75ec475d26200d951c6c02b8de75fa2a5d24f3eb3747810b693e5f1803dfbe.exe
.exe windows:4 windows x86

522ef498e59f40cf227e8201c43746f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
SetCurrentDirectoryA
GetCurrentProcess
ExpandEnvironmentStringsA
GetTempPathA
FreeLibrary
GlobalFree
lstrcmpA
Sleep
ExitProcess
DeleteFileA
GetSystemDirectoryA
GetVersionExA
_llseek
_lread
_lopen
CreateDirectoryA
GetModuleHandleA
GetCommandLineA
SetErrorMode
GetTempFileNameA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
CloseHandle
GetFileTime
CreateFileA
GetUserDefaultLangID
GlobalLock
LockResource
LoadResource
SizeofResource
FindResourceA
lstrcmpiA
lstrcpyA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetFileTime
_lcreat
LoadLibraryA
GetProcAddress
lstrcatA
_lwrite
_lclose
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetModuleFileNameA
FreeResource

user32

CharNextA
CreateDialogParamA
DestroyWindow
GetDlgItemTextA
EndDialog
SendMessageA
GetDC
LoadStringA
SetWindowTextA
SetTimer
GetDlgItem
ShowWindow
ExitWindowsEx
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
MessageBoxA
EnableWindow

gdi32

GetDeviceCaps

advapi32

OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA

wsock32

htons
closesocket
setsockopt
recv
shutdown
WSAAsyncSelect
WSAStartup
WSACleanup
socket
WSAGetLastError
connect
send
ioctlsocket
gethostbyname

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

522ef498e59f40cf227e8201c43746f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wsock32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 67KB

.WISE Size: 5.6MB - Virtual size: 5.6MB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 67KB

.WISE
Size: 5.6MB - Virtual size: 5.6MB

.rsrc
Size: 11KB - Virtual size: 11KB