42a6da4b6bb42792c3fc1b77e1b98d01d58f275cc7f752dcd46c814abc789b6c[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

42a6da4b6bb42792c3fc1b77e1b98d01d58f275cc7f752dcd46c814abc789b6c.exe.zip
Size

3.0MB
MD5

ebe0bff2dd5122cb32235cbea5ea7529
SHA1

11325deeb5a4d72eb03d9905479a9bd7bca7091b
SHA256

c2112be3057387afdf5f368d94b28a2ba8055fe208d76d03f4f61cf92d8d484a
SHA512

90b8dc7496ac1eba0512a5ba082a7fc69b7966e1bf2df92c69aef5c73271defbb9173af1abe0bd2f201f0e957b943db32b4a677822a8b77ebe37c4be0c73440f
SSDEEP

98304:WnfOt68/MyuWWD4hgB1iXHH06SjDrWRUIg3GNcJfCUF:Wnk68/DuZDegB1ihS7WRCLZ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/42a6da4b6bb42792c3fc1b77e1b98d01d58f275cc7f752dcd46c814abc789b6c.exe

Files

42a6da4b6bb42792c3fc1b77e1b98d01d58f275cc7f752dcd46c814abc789b6c.exe.zip
.zip

Password: infected
42a6da4b6bb42792c3fc1b77e1b98d01d58f275cc7f752dcd46c814abc789b6c.exe
.exe windows:5 windows x64

cfd25bb8b565beae8243cdfa604fadc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

powerdatarecoverycore

??1KMemoryPool@@UEAA@XZ

ikernel

klog_log

qt5core

?qrand@@YAHXZ

qt5gui

??1QPen@@QEAA@XZ

qt5widgets

??1QMenu@@UEAA@XZ

qt5network

??1QSslError@@QEAA@XZ

user32

GetDC

gdi32

DeleteDC

advapi32

RegCloseKey

shell32

ord155

ole32

OleRun

oleaut32

VariantClear

msvcr120

rand

msvcp120

?_BADOFF@std@@3_JB

propsys

PSGetPropertyKeyFromName

mpr

WNetCloseEnum

libeay32

ord340

libcurl

curl_easy_init

Sections

.MPRESS1
Size: 2.9MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

cfd25bb8b565beae8243cdfa604fadc6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

powerdatarecoverycore

ikernel

qt5core

qt5gui

qt5widgets

qt5network

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcr120

msvcp120

propsys

mpr

libeay32

libcurl

Sections

.MPRESS1 Size: 2.9MB - Virtual size: 6.6MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 182KB - Virtual size: 181KB

.MPRESS1
Size: 2.9MB - Virtual size: 6.6MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 182KB - Virtual size: 181KB