bf4b339d4973522a3bb5ead93949517fb50bb6d671adf5bd307e8ef3918aa76f[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

bf4b339d4973522a3bb5ead93949517fb50bb6d671adf5bd307e8ef3918aa76f.exe.zip
Size

2.9MB
MD5

2dbbfaca5ba942a6ae9d1d3644fde385
SHA1

184e17a07857bc0e0a3c60fc01b4e851560ef7ae
SHA256

4acf8850cb59f1bfcf66454d134607116ec3b24f1eb42c3d5e899469e7c34cd8
SHA512

e2fdcc45c9fabe500f09bfe5660e309d339027d98843b42aab51245bed1c244f4f242642945f9494e6d60528bd20957f6358b76a2892e781c3426e5376db1d89
SSDEEP

49152:WmXJi9Cf99Y/9E0vBV904y63FwjeMDRRgnmB2peD1nYTlIMIpzoRXkIYkGGHpkFo:Wm5KC6O0ud63FwKwKmMQeuMaoe/GJkFo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bf4b339d4973522a3bb5ead93949517fb50bb6d671adf5bd307e8ef3918aa76f.exe

Files

bf4b339d4973522a3bb5ead93949517fb50bb6d671adf5bd307e8ef3918aa76f.exe.zip
.zip

Password: infected
bf4b339d4973522a3bb5ead93949517fb50bb6d671adf5bd307e8ef3918aa76f.exe
.exe windows:5 windows x86

b644ebb2ccbd9e5e3e442a399d02d1c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

powerdatarecoverycore

??1KMemoryPool@@UAE@XZ

ikernel

klog_log

qt5core

?qrand@@YAHXZ

qt5gui

??1QPen@@QAE@XZ

qt5widgets

??1QMenu@@UAE@XZ

qt5network

??1QSslError@@QAE@XZ

user32

GetDC

gdi32

DeleteDC

advapi32

RegCloseKey

shell32

ord155

ole32

OleRun

oleaut32

SafeArrayCreateVector

msvcr120

rand

msvcp120

?_BADOFF@std@@3_JB

propsys

PSGetPropertyKeyFromName

mpr

WNetCloseEnum

libeay32

ord340

libcurl

curl_easy_init

Sections

.MPRESS1
Size: 2.8MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

b644ebb2ccbd9e5e3e442a399d02d1c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

powerdatarecoverycore

ikernel

qt5core

qt5gui

qt5widgets

qt5network

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcr120

msvcp120

propsys

mpr

libeay32

libcurl

Sections

.MPRESS1 Size: 2.8MB - Virtual size: 6.1MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 182KB - Virtual size: 181KB

.MPRESS1
Size: 2.8MB - Virtual size: 6.1MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 182KB - Virtual size: 181KB