MDE_File_Sample_447ec979c4b2c53c21b17bd9c2f7d67a9f967108[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MDE_File_Sample_447ec979c4b2c53c21b17bd9c2f7d67a9f967108.zip
Size

11KB
MD5

4758e236618038b26ca119da157803be
SHA1

d0620d06a44547f801600ff5ee6d402d26e7d4c1
SHA256

66927f54e6eb8f48008ab79747d483c79035b377530cebc6023edf079e941ea9
SHA512

76bfe66b72cb1aa4fd386b9578a531f1daf54dcfad0fe83dda864de712c92bca480993de5a1d97ebd10f67fa758d72e1944c8c9415c30cd6b5e4b6c5650c1e82
SSDEEP

192:XexAwUAdDVSWx/4BVAY5YHC5SB+fjTTdzVQ3Qvu86NXztgHcOaIs7RGpjeIe8stv:XAd5x/SAYFr3dugW/NXztKaHNGpeIAnv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/w3wp.exe

Files

MDE_File_Sample_447ec979c4b2c53c21b17bd9c2f7d67a9f967108.zip
.zip

Password: Jintest
w3wp.exe
.exe windows:10 windows x64 arch:x64

Password: Jintest

6e62e5f087316547aab36ed54a5e50b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
_XcptFilter
__set_app_type
_wcsicmp
wcstoul
swprintf_s
_wsetlocale
printf
_ultow
towupper
_getwch
wprintf
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
__wgetmainargs
_vsnwprintf
memset

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
ExitProcess
GetCurrentProcess
OpenThreadToken
SetThreadToken

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-console-l2-2-0

SetConsoleTitleW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
LoadStringW
GetProcAddress
GetModuleHandleW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

RevertToSelf

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

GetFullPathNameW

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler
GetConsoleOutputCP

api-ms-win-core-localization-l1-2-0

SetThreadPreferredUILanguages

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-perfcounters-l1-1-0

PerfStopProvider
PerfStartProvider
PerfSetCounterSetInfo

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessAffinityMask

ntdll

NtQuerySystemTime
RtlSystemTimeToLocalTime
RtlTimeToTimeFields

iisutil

InitializeSdFromProcessToken
?Append@STRU@@QEAAJPEBG@Z
??0STRU@@QEAA@XZ
PuDbgPrintError
PuLoadDebugFlagsFromRegStr
?Copy@STRU@@QEAAJPEBGK@Z
?Copy@STRU@@QEAAJPEBG@Z
MakePathCanonicalizationProof
??1STRU@@QEAA@XZ
?Resize@STRU@@QEAAJK@Z
PuDbgPrint
??0STRU@@QEAA@PEAGK@Z

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Jintest

Password: Jintest

6e62e5f087316547aab36ed54a5e50b9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-perfcounters-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

ntdll

iisutil

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 384B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 32B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 384B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 32B