Static task
static1
Behavioral task
behavioral1
Sample
10d1043d97415b9c7367bda7fe98dd09d9bdb3b6cc7df2920a1dbdb85d4fafcf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
10d1043d97415b9c7367bda7fe98dd09d9bdb3b6cc7df2920a1dbdb85d4fafcf.exe
Resource
win10v2004-20231023-en
General
-
Target
10d1043d97415b9c7367bda7fe98dd09d9bdb3b6cc7df2920a1dbdb85d4fafcf.exe.zip
-
Size
60.2MB
-
MD5
aa8d188964a397e047dcf92c8e2bacc8
-
SHA1
18fe17d116e41348e9311461e2c1055876895617
-
SHA256
f4d4f2d9cb06f1bf3c32f76fc1ed5532c4add8d704713f8c4798f19667eed8c9
-
SHA512
7dec15948a3240482b196c78c5a151d7ffb453212cade212c8830f8c8cd77a7e4b19b7f3e860c2d1bdb6316472050aa38979b556fbd4299e408a8d4fe9e0c77b
-
SSDEEP
1572864:ynZxbxnzRHvPlO0tDwhg3xjyIbkNu5MU+Q14AaQaMfXtMt4og:ynZxlBPc01whAbbyuEQ4lM/tMt4P
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks whether the PE file carries no Authenticode signature.
resource unpack001/10d1043d97415b9c7367bda7fe98dd09d9bdb3b6cc7df2920a1dbdb85d4fafcf.exe
Files
-
10d1043d97415b9c7367bda7fe98dd09d9bdb3b6cc7df2920a1dbdb85d4fafcf.exe.zip.zip
Password: infected
-
10d1043d97415b9c7367bda7fe98dd09d9bdb3b6cc7df2920a1dbdb85d4fafcf.exe.exe windows:4 windows x86
e1143db6bcf2dbd357e62b20ed09f1b3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ExitWindowsEx
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
DestroyWindow
UnregisterClassA
MessageBoxA
CreateWindowExA
RegisterClassExA
DefWindowProcA
MoveWindow
LoadBitmapA
SetCursor
GetWindowTextA
GetDlgItemTextA
EndDialog
keybd_event
LoadIconA
SendMessageA
SetWindowTextA
SetDlgItemTextA
wvsprintfA
LoadStringA
DialogBoxParamA
SetWindowsHookExA
UnhookWindowsHookEx
RegisterWindowMessageA
FindWindowA
LoadCursorA
GetKeyState
CallNextHookEx
GetWindowRect
SendDlgItemMessageA
GetSystemMetrics
PostMessageA
msvcrt
_except_handler3
??3@YAXPAX@Z
_purecall
memmove
_splitpath
atoi
_mbsnbcat
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_mbsstr
_mbschr
strtoul
_mbsset
_mbsicmp
_mbslwr
memchr
_access
sprintf
_snprintf
_mbsnbcpy
__CxxFrameHandler
??2@YAPAXI@Z
_exit
msvcp60
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Xran@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
shlwapi
PathRemoveFileSpecA
PathRemoveBlanksA
wvnsprintfA
PathUnquoteSpacesA
winmm
PlaySoundA
kernel32
LoadLibraryA
RaiseException
InterlockedExchange
GetStartupInfoA
GetCurrentThread
LocalAlloc
Sleep
GetLocalTime
SetFilePointer
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
GetSystemDirectoryA
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryA
GetPrivateProfileSectionA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadResource
LockResource
SizeofResource
WriteFile
CreateFileA
FindResourceA
SetCurrentDirectoryA
GetCurrentThreadId
GetTempPathA
GetModuleFileNameA
CloseHandle
DeleteFileA
FreeLibrary
InterlockedDecrement
LocalFree
FormatMessageA
GetLastError
CreateMutexA
GetVersionExA
gdi32
CreateSolidBrush
advapi32
SetSecurityDescriptorGroup
AllocateAndInitializeSid
OpenThreadToken
RegCloseKey
RegFlushKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
DuplicateToken
shell32
ShellExecuteExA
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63.4MB - Virtual size: 63.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ