virus[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

virus.zip
Size

4.6MB
MD5

a6bd96adaa0f84c571f89eb4a97261fe
SHA1

cd4cd246dc48f03e4f763c2f154d42c96518be2f
SHA256

5525373ab1754e4ba5acd648f33be38ce7cfa6c914d7570b64cf3eba20dd5097
SHA512

e117e465932c5c49124cc738139365609e4918f3b8b12e249eab4a4ae51d97c3d8df32e59d9bd6c29ecf2b15646fdd7175ed0966620b4221b4ccd2325d15ebe6
SSDEEP

98304:FcmClT8ByCGTpCktydOlOXaqIb6pZvzXVC8MmZM8lhQB7/hE1J3NtJd1hTZ:FZsTmyCGTp6VxppNXVC8MchIu1vtJ7j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/virus/助贷数据格式及价格/助贷数据格式及报价T10.exe

Files

virus.zip
.zip

Password: infected
virus/助贷数据格式及价格/助贷数据格式及报价T10.exe
.exe windows:4 windows x86

Password: infected

b44e5f2c3e62d67f621e553e172d0521

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2289
ord2370
ord4234
ord823
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord807
ord796
ord674
ord554
ord529
ord366
ord5252
ord2362
ord4129
ord858
ord5710
ord5683
ord537
ord1134
ord755
ord6880
ord3092
ord470
ord6334
ord4055
ord1979
ord665
ord5186
ord354
ord816
ord3908
ord562
ord1168
ord2556
ord3706
ord3626
ord2414
ord3755
ord5875
ord2754
ord2859
ord3663
ord2818
ord3573
ord3693
ord5787
ord5788
ord1641
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord5277
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord986
ord520
ord4159
ord6117
ord2621
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4858
ord6329
ord5440
ord6383
ord5450
ord6394
ord4614
ord4613
ord1920
ord4262
ord4589
ord4899
ord4341
ord4349
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord5290
ord3748
ord1725
ord4432
ord784
ord1146
ord517
ord804
ord693
ord5260
ord4723
ord2535
ord6131
ord6216
ord2379
ord6027
ord1175
ord6215
ord2086
ord4464
ord4224
ord2587
ord4406
ord3394
ord3729
ord2582
ord4402
ord3370
ord3640
ord567
ord2302
ord4299
ord4133
ord4297
ord6119
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord1089
ord5265
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_setmbcp
__CxxFrameHandler
rand
atoi
fclose
fopen
_except_handler3
memmove
_ftol
_controlfp
__dllonexit
_onexit

kernel32

GlobalLock
GlobalAlloc
GlobalUnlock
GetModuleHandleA
GetStartupInfoA
GlobalFree
GetModuleFileNameA
lstrcmpA
FreeLibrary
GetTickCount
CloseHandle
WriteFile
CreateFileA
LoadLibraryA
GetProcAddress

user32

SendMessageA
LoadCursorA
PtInRect
InvalidateRect
CopyRect
SetCursor
ReleaseDC
InvalidateRgn
SetRect
GetWindowRect
wsprintfA
EnableWindow
GetDC
GetClientRect
OffsetRect

gdi32

CreatePolygonRgn
GetTextExtentPoint32A
CreateRectRgnIndirect
CombineRgn
CreatePen
CreateSolidBrush
Ellipse
OffsetRgn
PtInRegion

ole32

CreateStreamOnHGlobal

olepro32

ord251

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
virus/无锡地区贷款实时数据500条.msi
.msi .vbs
virus/豆豆钱无锡贷款机房渗透格式xlsx/豆豆钱无锡贷款机房渗透格式xlsx.msi
.msi .vbs

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b44e5f2c3e62d67f621e553e172d0521

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

ole32

olepro32

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 168KB - Virtual size: 166KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 168KB - Virtual size: 166KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB