MDE_File_Sample_b01ad73f2569bcaae1ecf1dff8952fe1d3a8360c[.]zip

Resubmissions

13/11/2023, 13:00

231113-p8l43acg4y 3

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_b01ad73f2569bcaae1ecf1dff8952fe1d3a8360c.zip
Size

69KB
MD5

3ec3e8cea5f135877d2f26c6732e0b87
SHA1

93481d271e4d292903d52aaefee871fa8feb1e70
SHA256

5666a7ac7c5f97a201000b73a524f7b0d5aaec54a3e05566cb567bba3162eba8
SHA512

d3df5086106e951c680e402b9e014382d521fa963ac93c08e1cc2689a3e26367de0ec5c50236c1326e672eeadc259e2923786eca11df07287b13ee81d8dca9bc
SSDEEP

1536:/aOuD51XfqYkI8gkykUDKkFQvvqDA1puYjlsFRqvsDH8g:IDfSnI8gkydKkF4R1ppBWVDHv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cscript.exe

Files

MDE_File_Sample_b01ad73f2569bcaae1ecf1dff8952fe1d3a8360c.zip
.zip

Password: infected
cscript.exe
.exe windows:10 windows x64

Password: infected

e26852ef46cfcdc679c63dc95116db13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SearchPathW
MapViewOfFile
GetFileSize
CreateFileMappingA
UnmapViewOfFile
SetLastError
GetPrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringW
GetPrivateProfileIntW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetVersionExW
FindResourceExW
LoadResource
CreateFileMappingW
ExitProcess
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
GetCommandLineW
WideCharToMultiByte
WriteConsoleW
GetLastError
GetConsoleMode
WriteFile
CreateFileW
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalAlloc
FormatMessageW
GetProcAddress
LocalFree
FormatMessageA
LoadLibraryExW
FindFirstFileW
FindFirstFileA
FindClose
GetFileAttributesW
GetACP
GetFileAttributesA
GetCPInfo
GetModuleFileNameA
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
CloseHandle
SetEvent
CreateThread
CreateEventA
GetUserDefaultLCID
LoadLibraryExA
GetTempPathA
CreateFileA
GetSystemDirectoryA
GetTempFileNameA
FlushFileBuffers
GetFullPathNameW
GetFullPathNameA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap

msvcrt

_callnewh
malloc
memset
wcscat_s
wcscpy_s
_vsnwprintf
_wcsicmp
_wcsnicmp
wcsncmp
_itow_s
_itow
wcsrchr
strcpy_s
_swab
memmove
_vsnprintf
sprintf_s
swprintf_s
__C_specific_handler
memcmp
memcpy
bsearch
free

oleaut32

SysStringLen
SafeArrayGetLBound
SafeArrayCopy
LoadRegTypeLi
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayPutElement
SysFreeString
SafeArrayCreate
LoadTypeLi
SafeArrayGetElement
VariantChangeType
VariantInit
VariantCopy
SysAllocStringLen
VariantClear
SetErrorInfo
CreateErrorInfo
SysAllocString

ole32

MkParseDisplayName
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoRegisterMessageFilter
CoInitializeSecurity
CoGetTreatAsClass
CreateFileMoniker
CreateBindCtx
CoInitialize
CoUninitialize
CoGetClassObject

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA

advapi32

RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
ImpersonateLoggedOnUser
IsTextUnicode
DeregisterEventSource
GetUserNameW
RegisterEventSourceW
ReportEventW
LookupAccountNameW
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA

user32

GetClassNameA
PostMessageA
IsWindowVisible
DispatchMessageA
GetMessageA
GetActiveWindow
MsgWaitForMultipleObjectsEx
LoadStringW
LoadStringA
CharNextA
GetWindowLongPtrA
KillTimer
PostQuitMessage
GetParent
SetWindowLongPtrA
PeekMessageA
EnumThreadWindows
MsgWaitForMultipleObjects
SetTimer
RegisterClassA
DefWindowProcA
CreateWindowExA
TranslateMessage
GetClassInfoA
SendMessageA

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e26852ef46cfcdc679c63dc95116db13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

oleaut32

ole32

version

advapi32

user32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 3KB - Virtual size: 2KB