95e956cf7441b7cf8c3e698c613926f92824f346e829ed1599e75413332cb817[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

95e956cf7441b7cf8c3e698c613926f92824f346e829ed1599e75413332cb817.exe.zip
Size

4.2MB
MD5

a360ecbcfdff81515287edc9f9f6d4e7
SHA1

2f9905ca782d994e268e7346c57ec3138c554c0c
SHA256

693ac04055cfec47114b0b0017bbf08501dd3df0e838c4577e33ae0d26280f22
SHA512

726781ebfc3585c1ed0bb318aae28a2ed4fc2da64dda2faddd95bfb101f32847ae1aa3060757306029d582fced51e17d98d481770a689fbb7abadc4b36e6d4aa
SSDEEP

98304:CTE+X3nyU/t5QXNHzIw5js6yCebH95uTiXmBbdVDc8622U4:CnHnPtWZc8JMH2+2BR622U4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/95e956cf7441b7cf8c3e698c613926f92824f346e829ed1599e75413332cb817.exe

Files

95e956cf7441b7cf8c3e698c613926f92824f346e829ed1599e75413332cb817.exe.zip
.zip

Password: infected
95e956cf7441b7cf8c3e698c613926f92824f346e829ed1599e75413332cb817.exe
.exe windows:4 windows x86

605e7cb5f104fc1295d31e7e13daf83c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerLanguageNameA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA

comctl32

ord17

kernel32

LocalFileTimeToFileTime
Sleep
CreateFileA
lstrcatA
CompareStringA
CompareStringW
GetVersionExA
ReadFile
SetFilePointer
SetFileAttributesA
QueryPerformanceFrequency
CreateEventA
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
LoadResource
SetFileTime
InterlockedIncrement
GetModuleFileNameA
GetTickCount
GetSystemDefaultLCID
GlobalFree
GlobalUnlock
GlobalHandle
WriteFile
InterlockedDecrement
GetPrivateProfileSectionA
SetCurrentDirectoryA
lstrcmpA
MoveFileA
GetSystemInfo
SetLastError
IsValidCodePage
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetTempPathA
SetErrorMode
GetWindowsDirectoryA
GetTempFileNameA
WritePrivateProfileStringA
lstrcpyA
GetPrivateProfileStringA
lstrlenA
DeleteFileA
CloseHandle
lstrlenW
CopyFileA
GetLastError
WideCharToMultiByte
ExpandEnvironmentStringsA
MultiByteToWideChar
lstrcmpiA
GlobalLock
GetPrivateProfileIntA
GlobalAlloc
SizeofResource
FindResourceA
SetStdHandle
LCMapStringW
IsBadReadPtr
GetStringTypeW
IsBadCodePtr
FlushFileBuffers
GetFileType
LCMapStringA
GetStringTypeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
LeaveCriticalSection
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetEnvironmentStrings
EnterCriticalSection
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
RaiseException
HeapFree
HeapAlloc
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose

user32

DrawIcon
DestroyIcon
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
wsprintfA
GetDesktopWindow
DialogBoxParamA
IsWindow
GetDlgItem
EndDialog
ReleaseDC
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
SendDlgItemMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
CharPrevA
LoadStringA
SetCursor
GetDlgItemTextA
EnableWindow
MessageBoxA
GetParent
GetSystemMetrics
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
MoveWindow
GetWindowPlacement
SetWindowTextA
GetDC
FillRect
PeekMessageA
MessageBoxIndirectA
DestroyWindow
CreateDialogParamA
BeginPaint
CharNextA
GetWindowLongA
SendMessageA
IsDialogMessageA
GetDlgCtrlID
CharLowerBuffA

gdi32

DeleteObject
BitBlt
SelectObject
DeleteDC
CreateFontIndirectA
GetDeviceCaps
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
GetStockObject
CreateDIBitmap

advapi32

AllocateAndInitializeSid
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegSetValueExA
OpenThreadToken
GetTokenInformation
FreeSid
EqualSid
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ole32

StgOpenStorage
StgIsStorageFile

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

605e7cb5f104fc1295d31e7e13daf83c

Headers

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 48KB - Virtual size: 45KB