ea5ceccac636f8292292c61508ea514e4cbb8383e75c3104d7248f455b28b8ec[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ea5ceccac636f8292292c61508ea514e4cbb8383e75c3104d7248f455b28b8ec.zip.zip
Size

5.3MB
MD5

d249f2348fdd940953c857331c1aad5b
SHA1

f3662aadd158f52a84bdd6638186a6231c28bc9d
SHA256

ea46c838d3a40751f905e35baa49e4bb882f73b42ebb47b9a808ebc0f9929f14
SHA512

ba8184255f7d0cd7bf14f94d9fe91ef4ec9cb4cf00b34fc92aa5f435c1623ed657e86b1e297860d6479e6d4f040ec15f10297aad74d88239ac1e91fda44fdad0
SSDEEP

98304:o5/oC3vh82ZVrj9rNOfRo+/Ble5ncFBH/CrvydzxmWRDpOBlyMY5j7k6mR9x/wt6:o5/fpxVr9NZ+/H1Fd/gvydTRllj7k6q3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/allegro_free_viewer_15_0_setup.exe

Files

ea5ceccac636f8292292c61508ea514e4cbb8383e75c3104d7248f455b28b8ec.zip.zip
.zip

Password: infected
ea5ceccac636f8292292c61508ea514e4cbb8383e75c3104d7248f455b28b8ec.zip
.zip
allegro_free_viewer_15_0_setup.exe
.exe windows:4 windows x86

605e7cb5f104fc1295d31e7e13daf83c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerLanguageNameA
GetFileVersionInfoSizeA
VerQueryValueA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA

comctl32

ord17

kernel32

LocalFileTimeToFileTime
Sleep
CreateFileA
lstrcatA
CompareStringA
CompareStringW
GetVersionExA
ReadFile
SetFilePointer
SetFileAttributesA
QueryPerformanceFrequency
CreateEventA
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
LockResource
LoadResource
SetFileTime
InterlockedIncrement
GetModuleFileNameA
GetTickCount
GetSystemDefaultLCID
GlobalFree
GlobalUnlock
GlobalHandle
WriteFile
InterlockedDecrement
GetPrivateProfileSectionA
SetCurrentDirectoryA
lstrcmpA
MoveFileA
GetSystemInfo
SetLastError
IsValidCodePage
LocalFree
FormatMessageA
GetDiskFreeSpaceA
_lclose
OpenFile
GetDriveTypeA
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
GetExitCodeProcess
CreateProcessA
GetCurrentProcess
GetCurrentThread
GetLocaleInfoA
GetTempPathA
SetErrorMode
GetWindowsDirectoryA
GetTempFileNameA
WritePrivateProfileStringA
lstrcpyA
GetPrivateProfileStringA
lstrlenA
DeleteFileA
CloseHandle
lstrlenW
CopyFileA
GetLastError
WideCharToMultiByte
ExpandEnvironmentStringsA
MultiByteToWideChar
lstrcmpiA
GlobalLock
GetPrivateProfileIntA
GlobalAlloc
SizeofResource
FindResourceA
SetStdHandle
LCMapStringW
IsBadReadPtr
GetStringTypeW
IsBadCodePtr
FlushFileBuffers
GetFileType
LCMapStringA
GetStringTypeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
LeaveCriticalSection
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetEnvironmentStrings
EnterCriticalSection
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
TerminateProcess
ExitProcess
RaiseException
HeapFree
HeapAlloc
RtlUnwind
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
WaitForSingleObject
lstrcpynA
SearchPathA
FindFirstFileA
VirtualProtect
VirtualQuery
FindClose

user32

DrawIcon
DestroyIcon
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
SetTimer
PostQuitMessage
KillTimer
PostMessageA
DefWindowProcA
wsprintfA
GetDesktopWindow
DialogBoxParamA
IsWindow
GetDlgItem
EndDialog
ReleaseDC
GetWindowDC
SetWindowPos
ClientToScreen
GetClientRect
SetWindowLongA
EndPaint
SendDlgItemMessageA
ExitWindowsEx
MsgWaitForMultipleObjects
CharPrevA
LoadStringA
SetCursor
GetDlgItemTextA
EnableWindow
MessageBoxA
GetParent
GetSystemMetrics
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
MoveWindow
GetWindowPlacement
SetWindowTextA
GetDC
FillRect
PeekMessageA
MessageBoxIndirectA
DestroyWindow
CreateDialogParamA
BeginPaint
CharNextA
GetWindowLongA
SendMessageA
IsDialogMessageA
GetDlgCtrlID
CharLowerBuffA

gdi32

DeleteObject
BitBlt
SelectObject
DeleteDC
CreateFontIndirectA
GetDeviceCaps
CreateCompatibleDC
SetTextColor
SetBkMode
GetObjectA
TranslateCharsetInfo
GetTextExtentPointA
GetStockObject
CreateDIBitmap

advapi32

AllocateAndInitializeSid
RegQueryValueA
RegOpenKeyA
RegCloseKey
RegSetValueExA
OpenThreadToken
GetTokenInformation
FreeSid
EqualSid
RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

ole32

StgOpenStorage
StgIsStorageFile

oleaut32

SysFreeString
SysStringLen
SysAllocString
SysAllocStringLen

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

605e7cb5f104fc1295d31e7e13daf83c

Headers

File Characteristics

Imports

version

shell32

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

Sections

.text Size: 100KB - Virtual size: 98KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 28KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 100KB - Virtual size: 98KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 28KB

.rsrc
Size: 48KB - Virtual size: 45KB