1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385.zip
Size

1.2MB
MD5

8b750eaf94997b8b011124c748088513
SHA1

c4db5fdc06f191dda8210c3931747793a472d9ad
SHA256

5d1ec1e5aa5f500b2e934784e8480de339379344831caa1868eb2b2711795b3f
SHA512

ee9fd650719421e43b34c01098d566af61e5224ebef50611874815310ffbbc558e2f59ede7e97790d10747a96ded1d498f86f07f3442eb9e7d85706babe27008
SSDEEP

24576:J2HwPQRh8eXgqB5KvD+M/JGVXNDwp7OrnTOhPzOGwdVhS3vjjalD:0QoRhpV4/+9DVb1y3q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385

Files

1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385.zip
.zip

Password: infected
1232d3aed4a46219093ac9ed94e27be3bfc5c99e17b0b9c6dcc0734022e35385
.dll windows:5 windows x86

Password: infected

d0d7e5f614f1668a3b1d0c11c33174fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
ConvertThreadToFiber
CreateFiber
SwitchToFiber
CreateActCtxA
ActivateActCtx
OpenThread
GetFileAttributesA
FindFirstFileA
FindNextFileA
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
VirtualAlloc
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStringTypeW
GetLastError
SetLastError
MultiByteToWideChar
GetACP
EncodePointer
DecodePointer
HeapAlloc
HeapFree
GetModuleHandleW
GetProcAddress
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
FreeLibrary
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
RaiseException
RtlUnwind
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CloseHandle
CreateFileW

Exports

Exports

EZLIPo5E
FyTjr
PFrdne5RL
StartDll
TAFxTTG

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 497KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d0d7e5f614f1668a3b1d0c11c33174fc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 497KB - Virtual size: 499KB

.gfids Size: 512B - Virtual size: 68B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 497KB - Virtual size: 499KB

.gfids
Size: 512B - Virtual size: 68B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB