eaf769887cd14d6a169c4bcae6b59438b27631392d1de9a5878d152a8d43f1e2[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

eaf769887cd14d6a169c4bcae6b59438b27631392d1de9a5878d152a8d43f1e2.zip.zip
Size

2.1MB
MD5

b64f33d574d45d4d12fb3fc5ec8e7168
SHA1

bdafb1d48722d4a350f6149ce7158137b4ce9d41
SHA256

b5c14c9e15e9115153a796fafffcbb183fdd1a8a9916e47b4e49b2334dcd17bb
SHA512

e9de4497f2fde4642c7bbb8e56341da0fea14ed37610589f49182c67da59d5625ca4bdc67576fd89fbe8563039f4afb2e461d35281e8c2bd13ef94336dc0d288
SSDEEP

49152:UTuS/7syofX7jcQA4WNuN/mnRJhhEqNTs2USNy+d:47RGX7YQA4WcRwRbhJTsbE5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/kslv01.dll

Files

eaf769887cd14d6a169c4bcae6b59438b27631392d1de9a5878d152a8d43f1e2.zip.zip
.zip

Password: infected
eaf769887cd14d6a169c4bcae6b59438b27631392d1de9a5878d152a8d43f1e2.zip
.rar
Keymaps.txt
images/blr01.jpg
.jpg
images/k2j.jpg
.jpg
images/vk20110713.png
.png
kanscan.cfg
kanscanv2.2.002.jar
.jar
kslv01.dll
.dll windows:4 windows x86

9de1355d07883bc2876df8f3deeb924c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
GetLastError
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_strcmpi
_strdup
__dllonexit
_errno
_iob
abort
calloc
fclose
fflush
fgetc
fgets
fopen
fprintf
free
fwrite
localtime
malloc
memcpy
memset
printf
sprintf
sscanf
strcat
strcmp
strcpy
strlen
strtok
time
vfprintf

Exports

Exports

Java_ocr_OCRServer_GetLetModifierUCodeArray
Java_ocr_OCRServer_GetLetModifierUCodeArray@16
Java_ocr_OCRServer_GetPhonic
Java_ocr_OCRServer_GetPhonic@12
Java_ocr_OCRServer_GetUCode
Java_ocr_OCRServer_GetUCode@12
Java_ocr_ocrgui_nativeMethod
Java_ocr_ocrgui_nativeMethod@12

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stab
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 1024B - Virtual size: 709B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/35
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/51
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/77
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/89
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lib/ksutils.jar
.jar
ocr.jar
.jar
product.lic

Sharing

General

Malware Config

Signatures

Files

Password: infected

9de1355d07883bc2876df8f3deeb924c

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 403B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 1KB - Virtual size: 1KB

.stab Size: 61KB - Virtual size: 60KB

.stabstr Size: 340KB - Virtual size: 340KB

/4 Size: 512B - Virtual size: 192B

/19 Size: 1024B - Virtual size: 709B

/35 Size: 1KB - Virtual size: 1KB

/51 Size: 8KB - Virtual size: 8KB

/63 Size: 2KB - Virtual size: 1KB

/77 Size: 2KB - Virtual size: 2KB

/89 Size: 1024B - Virtual size: 908B

/102 Size: 512B - Virtual size: 192B

/113 Size: 2KB - Virtual size: 2KB

/124 Size: 512B - Virtual size: 88B

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 403B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

.stab
Size: 61KB - Virtual size: 60KB

.stabstr
Size: 340KB - Virtual size: 340KB

/4
Size: 512B - Virtual size: 192B

/19
Size: 1024B - Virtual size: 709B

/35
Size: 1KB - Virtual size: 1KB

/51
Size: 8KB - Virtual size: 8KB

/63
Size: 2KB - Virtual size: 1KB

/77
Size: 2KB - Virtual size: 2KB

/89
Size: 1024B - Virtual size: 908B

/102
Size: 512B - Virtual size: 192B

/113
Size: 2KB - Virtual size: 2KB

/124
Size: 512B - Virtual size: 88B