12911908061[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

12911908061.zip
Size

225KB
MD5

0b9e458f4ba6d39a4164876f7aa26241
SHA1

d1c9abb4063894c76f677230b9cf0dc7b404c30b
SHA256

11482c99cc9af1145f9f9809370f7d79900585c2ede9c0192050f1877b427c52
SHA512

e444e6a5be3bde45bdf4f16ccfdd762aaf094525798ba51786c51ddf7cbd3cc67be3c5688c953360227d7964203320b3f63e0de827bca987fe3ef24b3dc9ac99
SSDEEP

6144:6vzgbVYjSI3x/lxCtw72zaGB3Yu4Rzo93q33WaTmzS:68k3x/mtwKGGSW93Q3HTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3386d5c099de6ad0348255b0caf445540973d2696a427fba3d70e23add172803

Files

12911908061.zip
.zip

Password: infected
3386d5c099de6ad0348255b0caf445540973d2696a427fba3d70e23add172803
.exe windows:4 windows x86

Password: infected

c422aece1ccba5962f1088a5de378f59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateProcessA
WinExec
GetWindowsDirectoryA
SetCurrentDirectoryA
WriteFile
SizeofResource
CopyFileA
GetTempPathA
FindResourceA
Sleep
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetModuleFileNameA
GlobalUnlock
UnmapViewOfFile
CloseHandle
LockResource
LoadResource
CreateFileA
GetCommandLineA
GetStartupInfoA
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStrings
GlobalFree
GetLastError
SetEnvironmentVariableA
CompareStringW
HeapReAlloc
HeapAlloc
HeapFree
FindFirstFileA
FindNextFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleA
WideCharToMultiByte
GetEnvironmentStringsW
GetVersion
ExitProcess
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

EnableWindow
CallWindowProcA
GetDlgItem
GetParent
SendMessageA
ReleaseDC
GetDC
DialogBoxParamA
DestroyWindow
PostQuitMessage
EndDialog
GetWindowRect
GetSystemMetrics
SetWindowPos
SetWindowTextA
GetWindowLongA
SetWindowLongA
ScreenToClient
MoveWindow

gdi32

CreateCompatibleDC
DeleteObject
CreateDIBitmap
CreatePalette
BitBlt
SelectObject
DeleteDC

version

VerInstallFileA

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c422aece1ccba5962f1088a5de378f59

Headers

File Characteristics

Imports

kernel32

user32

gdi32

version

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 188KB - Virtual size: 187KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 188KB - Virtual size: 187KB