Veeam_update[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Veeam_update.zip
Size

129KB
MD5

c0440d36f3e206706bc9f3397f56db5f
SHA1

70c78f721663d07b7ee5bbaf9b521bd20f8aac1d
SHA256

f21d0db6a5f2f15e68393ad1272f5fe54d6957183ba95c2e0e27d57beaf2e1a4
SHA512

6f8321d81e99c6ca30196b51f804121bd1a6aa8b946836eebed0664eba497304d05b4c39e649cdcd9e707965df59cbf1aa8112c2bd2362aae631320c8621b3c4
SSDEEP

3072:/E+7djXMNvqzG47GkfpwL0pNhZjNvOrcXpFwIhDW:c+7dmqzjpu2dFOapFwt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Veeam_update.exe

Files

Veeam_update.zip
.zip

Password: infected
Veeam_update.exe
.exe windows:6 windows x64 arch:x64

Password: infected

dc628b474de695d233f6a1bd23b00e88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

setsockopt
ntohs
WSAStartup
__WSAFDIsSet
select
accept
bind
closesocket
gethostbyname
ntohl
shutdown
listen
getpeername
getsockname
send
socket
connect
recvfrom
recv
getsockopt
htonl
htons
WSAPoll
sendto
ioctlsocket
WSAGetLastError

kernel32

WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetFilePointerEx
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
Sleep
LoadLibraryA
CloseHandle
GetProcAddress
DeleteCriticalSection
ExitProcess
GetFileType
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
LCMapStringW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
GetLastError
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
RtlUnwindEx
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetTimeZoneInformation
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW

winhttp

WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpSetOption
WinHttpWebSocketReceive
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketSend

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dc628b474de695d233f6a1bd23b00e88

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

winhttp

Sections

.text Size: 176KB - Virtual size: 176KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 14KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 252B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 14KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 252B

.reloc
Size: 2KB - Virtual size: 2KB