dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08.zip
Size

1.1MB
MD5

8f2420c1716dbb976bee8ca12a3fc391
SHA1

874264cf0c549eec2fd7ee725c7a9657a79d6b75
SHA256

3e7e690702f2df2cc801fed32a394dab08c21b335f28c8384b9f8a012b195640
SHA512

dfba53e794e73b022aa7a13a031f1b487a1581a0048e12aeafdbd0f63f450a940ff39e21269ab64abeb6b36591a1d861822e6bd174e1e7eebc6f95efe3814fc6
SSDEEP

24576:OwGKBGuyzyvaWEEcFVZcf1ZitdbgNMTKAUI5ooUrIIuS:h9gzyv8EcFVQodcwBU6ooUrI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/update.exe

Files

dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08.zip
.zip

Password: infected
dfa2c76389bca9c252f55cc734bee1563f890911b6153320f6e3312328755b08.iso
.iso .vbs
10700_SR_EN.pdf.vbs
.vbs
PR10559_SR_EN.pdf
.pdf
update.exe
.exe windows:6 windows x86

96baacc90461fcd4b5d9fcc50047c098

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DeleteAce

kernel32

FreeConsole
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
CreateFileW
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Exports

Exports

_LoadEnvironment@0

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 459KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

96baacc90461fcd4b5d9fcc50047c098

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 459KB - Virtual size: 463KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 459KB - Virtual size: 463KB

.reloc
Size: 7KB - Virtual size: 6KB