Static task: static1

Behavioral task: behavioral1
Sample: 57d62cd491a8a73e98a888a0d6ed7867e798372c83a5304807d4e2f1a9d644fc.exe
Resource: win7-20231020-en

Behavioral task: behavioral2
Sample: 57d62cd491a8a73e98a888a0d6ed7867e798372c83a5304807d4e2f1a9d644fc.exe
Resource: win10v2004-20231020-en
General
Target: 57d62cd491a8a73e98a888a0d6ed7867e798372c83a5304807d4e2f1a9d644fc.exe.zip
Size: 9.4MB
MD5: 82c1473a20e0a0b8e58154fca915c996
SHA1: 87596b2425841d33ef5fc918e7eca55009b35294
SHA256: f6786f80ae70a77986232ac06611f8f013eccba268bf74bd1efee747442aef93
SHA512: 9a3a62b597cb2f78bfa4ecb9687d441afac5ac78855850574a6a9c48681ab4d81a926b2696925be17205129134903f7992ec523ca554687839217080a595c4e8
SSDEEP: 196608:1Sv82JQI2IACNpiAuNFmqQyBrz4TMZMfOYktWAJjm8G4fucVy3eNNsohtbfB6:Mv82AcNO4qQyNzZ7YktWj34By32Xvk
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/57d62cd491a8a73e98a888a0d6ed7867e798372c83a5304807d4e2f1a9d644fc.exe
Files
57d62cd491a8a73e98a888a0d6ed7867e798372c83a5304807d4e2f1a9d644fc.exe.zip.zip
Password: infected
57d62cd491a8a73e98a888a0d6ed7867e798372c83a5304807d4e2f1a9d644fc.exe.exe windows:4 windows x86
dc313807354209797f88cf99242275e6
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  Sleep
  CreateThread
  GetSystemDirectoryA
  CloseHandle
  MoveFileExA
  MoveFileA
  GetShortPathNameA
  GetVersionExA
  GetLocaleInfoA
  GetWindowsDirectoryA
  GetTempPathA
  GetTimeFormatA
  WriteFile
  CreateFileA
  LockResource
  LoadResource
  GetExitCodeProcess
  WaitForSingleObject
  GetCurrentProcess
  GetModuleHandleA
  FindResourceA
  GetLastError
  SizeofResource
  GetDateFormatA
  GetNumberFormatA
  SetEndOfFile
  GetStringTypeA
  HeapAlloc
  FlushFileBuffers
  SetStdHandle
  ReadFile
  IsBadCodePtr
  IsBadReadPtr
  SetFilePointer
  SetUnhandledExceptionFilter
  IsBadWritePtr
  VirtualAlloc
  LoadLibraryA
  DeleteFileA
  RtlUnwind
  GetStartupInfoA
  GetCommandLineA
  GetVersion
  ExitProcess
  HeapFree
  RaiseException
  GetCPInfo
  GetACP
  GetOEMCP
  WideCharToMultiByte
  MultiByteToWideChar
  LCMapStringA
  LCMapStringW
  VirtualFree
  FreeEnvironmentStringsW
  GetStringTypeW
  GetProcAddress
  HeapReAlloc
  TerminateProcess
  HeapSize
  UnhandledExceptionFilter
  GetModuleFileNameA
  FreeEnvironmentStringsA
  GetStdHandle
  GetEnvironmentStrings
  GetEnvironmentStringsW
  SetHandleCount
  GetFileType
  GetEnvironmentVariableA
  HeapDestroy
  HeapCreate
user32
  LoadStringA
  EndDialog
  MessageBoxA
  DialogBoxParamA
  GetDesktopWindow
  SetDlgItemTextA
  wsprintfA
  ExitWindowsEx
advapi32
  RegCloseKey
  RegSetValueExA
  RegOpenKeyExA
  AdjustTokenPrivileges
  LookupPrivilegeValueA
  OpenProcessToken
shell32
  ShellExecuteExA
version
  VerQueryValueA
  GetFileVersionInfoA
Sections
.text Size: 56KB - Virtual size: 52KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 10.9MB - Virtual size: 10.9MB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ