aa8cfbfaed3a3a148af9c81e7fe6943ddc83a266b1fc190aeb98cefd00043192[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

aa8cfbfaed3a3a148af9c81e7fe6943ddc83a266b1fc190aeb98cefd00043192.exe.zip
Size

9.3MB
MD5

49e2400ea07e1cb2dacb9a4f4e490546
SHA1

9672e7c36df34ccdd312fbdc66e62fb78d1d9731
SHA256

a5dae7058285cd02fa6b7c53ad1c4e8534c740e9b2f2f251f1a8837c312842be
SHA512

25e57cdd51d715a17343454b43fb2f5626b7dbf320fb6b8cbbdcb9a9ad724f195005056a192f5d00533f4414ac20eeeca86e767f159906b5b8ead1adb50b4d57
SSDEEP

196608:ATAFMO1+wshOwxDvoSyRK6t1L9hVulvCmujbZlF2RdVIr/MzDIN:zM029xDryc6nL1uadZlF2RdGj8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aa8cfbfaed3a3a148af9c81e7fe6943ddc83a266b1fc190aeb98cefd00043192.exe

Files

aa8cfbfaed3a3a148af9c81e7fe6943ddc83a266b1fc190aeb98cefd00043192.exe.zip
.zip

Password: infected
aa8cfbfaed3a3a148af9c81e7fe6943ddc83a266b1fc190aeb98cefd00043192.exe
.exe windows:6 windows x86

e51ee40ae0ed0decdf850b45dd7e4ce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
ExpandEnvironmentStringsA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
GetVersion
GetModuleHandleW
FreeResource
LockResource
LoadResource
SizeofResource
CloseHandle
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetCurrentDirectoryA
GetTempFileNameA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
ExitProcess
LoadLibraryExA
GetVersionExA
GetExitCodeProcess
GetProcAddress
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
FindResourceA
LoadLibraryA
FreeLibrary
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
WaitForSingleObject

gdi32

GetDeviceCaps

user32

SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
CharPrevA
CharUpperA
CharNextA
ExitWindowsEx
EndDialog
GetDesktopWindow
LoadStringA
SetDlgItemTextA
MessageBeep
GetWindowRect
GetSystemMetrics

msvcrt

_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
__getmainargs
memcpy
memset
_vsnprintf

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e51ee40ae0ed0decdf850b45dd7e4ce6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

version

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 8KB

.rsrc Size: 9.5MB - Virtual size: 9.5MB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 8KB

.rsrc
Size: 9.5MB - Virtual size: 9.5MB

.reloc
Size: 3KB - Virtual size: 3KB