4c7d5ae6fefb8f53e0f557a241f95a677482bc4219c1d91573425ebc0cb44830[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

4c7d5ae6fefb8f53e0f557a241f95a677482bc4219c1d91573425ebc0cb44830.zip
Size

624KB
MD5

a91cc8bb208af2b1b8c80df63d39126b
SHA1

54c8192a2ae44908e11d49372c62bed51c7e7898
SHA256

a166c8c6ef4865b97314ba105b36058cbdefd9089c062e6f86c311633c5f2cd1
SHA512

ececf922550aa72441b596cc66dc1058180a533f9c754fc1e53ce9e04812e1dd1dbd71657f580a5826c392f7bfe344935845a9d9f95640a213d8e5d4b3c33d20
SSDEEP

12288:BSH+pk/Kb5GoVf1bQGcqwOHu8LhTzu/qF0zivzLETyoZ6+lvn:BSH+qS1GO12qbH/L4quq/Eeoowvn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4c7d5ae6fefb8f53e0f557a241f95a677482bc4219c1d91573425ebc0cb44830.dll

Files

4c7d5ae6fefb8f53e0f557a241f95a677482bc4219c1d91573425ebc0cb44830.zip
.zip

Password: infected
4c7d5ae6fefb8f53e0f557a241f95a677482bc4219c1d91573425ebc0cb44830.dll
.dll windows:4 windows x86 arch:x86

Password: infected

efd28f0dcf3f9285f6fdf12beacfdb86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

BeginPath
BitBlt
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
ExtCreatePen
ExtCreateRegion
ExtEscape
ExtSelectClipRgn
ExtTextOutW
FillPath
GdiFlush
GetCharWidth32A
GetClipBox
GetClipRgn
GetDeviceCaps
GetFontData
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineW
GetGraphicsMode
GetObjectW
GetOutlineTextMetricsA
GetRegionData
GetStockObject
GetTextMetricsA
GetWorldTransform
IntersectClipRect
LineTo
ModifyWorldTransform
MoveToEx
PatBlt
PolyBezierTo
RestoreDC
SaveDC
SelectClipPath
SelectClipRgn
SelectObject
SetBkMode
SetBrushOrgEx
SetGraphicsMode
SetMapMode
SetMiterLimit
SetPolyFillMode
SetStretchBltMode
SetTextAlign
SetTextColor
SetWorldTransform
StretchBlt
StretchDIBits
StrokePath
WidenPath

kernel32

CloseHandle
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FormatMessageW
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetTempFileNameW
GetTempPathW
GetVersionExA
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_strdup
__dllonexit
__lc_codepage
__mb_cur_max
_assert
_close
_errno
_hypot
_iob
_isctype
_open_osfhandle
_pctype
_setjmp
_snprintf
_winmajor
abort
acos
atan2
calloc
ceil
cos
ctime
fclose
fflush
floor
fmod
fopen
fprintf
fputc
fread
free
fwprintf
fwrite
getenv
ldiv
localeconv
longjmp
malloc
memcpy
memmove
pow
qsort
rand
realloc
rewind
sin
sqrt
strchr
strcmp
strlen
strncmp
strncpy
strtol
tan
time
vfprintf
wcslen

msimg32

GradientFill

Exports

Exports

xairo_append_path
xairo_arc
xairo_arc_negative
xairo_clip
xairo_clip_extents
xairo_clip_preserve
xairo_close_path
xairo_copy_clip_rectangle_list
xairo_copy_page
xairo_copy_path
xairo_copy_path_flat
xairo_create
xairo_curve_to
xairo_debug_reset_static_data
xairo_destroy
xairo_device_acquire
xairo_device_destroy
xairo_device_finish
xairo_device_flush
xairo_device_get_reference_count
xairo_device_get_type
xairo_device_get_user_data
xairo_device_reference
xairo_device_release
xairo_device_set_user_data
xairo_device_status
xairo_device_to_user
xairo_device_to_user_distance
xairo_fill
xairo_fill_extents
xairo_fill_preserve
xairo_font_extents
xairo_font_face_destroy
xairo_font_face_get_reference_count
xairo_font_face_get_type
xairo_font_face_get_user_data
xairo_font_face_reference
xairo_font_face_set_user_data
xairo_font_face_status
xairo_font_options_copy
xairo_font_options_create
xairo_font_options_destroy
xairo_font_options_equal
xairo_font_options_get_antialias
xairo_font_options_get_hint_metrics
xairo_font_options_get_hint_style
xairo_font_options_get_subpixel_order
xairo_font_options_hash
xairo_font_options_merge
xairo_font_options_set_antialias
xairo_font_options_set_hint_metrics
xairo_font_options_set_hint_style
xairo_font_options_set_subpixel_order
xairo_font_options_status
xairo_format_stride_for_width
xairo_ft_font_face_create_for_ft_face
xairo_ft_font_face_create_for_pattern
xairo_ft_font_options_substitute
xairo_ft_scaled_font_lock_face
xairo_ft_scaled_font_unlock_face
xairo_get_antialias
xairo_get_current_point
xairo_get_dash
xairo_get_dash_count
xairo_get_fill_rule
xairo_get_font_face
xairo_get_font_matrix
xairo_get_font_options
xairo_get_group_target
xairo_get_line_cap
xairo_get_line_join
xairo_get_line_width
xairo_get_matrix
xairo_get_miter_limit
xairo_get_operator
xairo_get_reference_count
xairo_get_scaled_font
xairo_get_source
xairo_get_target
xairo_get_tolerance
xairo_get_user_data
xairo_glyph_allocate
xairo_glyph_extents
xairo_glyph_free
xairo_glyph_path
xairo_has_current_point
xairo_identity_matrix
xairo_image_surface_create
xairo_image_surface_create_for_data
xairo_image_surface_create_from_png
xairo_image_surface_create_from_png_stream
xairo_image_surface_get_data
xairo_image_surface_get_format
xairo_image_surface_get_height
xairo_image_surface_get_stride
xairo_image_surface_get_width
xairo_in_clip
xairo_in_fill
xairo_in_stroke
xairo_line_to
xairo_mask
xairo_mask_surface
xairo_matrix_init
xairo_matrix_init_identity
xairo_matrix_init_rotate
xairo_matrix_init_scale
xairo_matrix_init_translate
xairo_matrix_invert
xairo_matrix_multiply
xairo_matrix_rotate
xairo_matrix_scale
xairo_matrix_transform_distance
xairo_matrix_transform_point
xairo_matrix_translate
xairo_move_to
xairo_new_path
xairo_new_sub_path
xairo_paint
xairo_paint_with_alpha
xairo_path_destroy
xairo_path_extents
xairo_pattern_add_color_stop_rgb
xairo_pattern_add_color_stop_rgba
xairo_pattern_create_for_surface
xairo_pattern_create_linear
xairo_pattern_create_radial
xairo_pattern_create_rgb
xairo_pattern_create_rgba
xairo_pattern_destroy
xairo_pattern_get_color_stop_count
xairo_pattern_get_color_stop_rgba
xairo_pattern_get_extend
xairo_pattern_get_filter
xairo_pattern_get_linear_points
xairo_pattern_get_matrix
xairo_pattern_get_radial_circles
xairo_pattern_get_reference_count
xairo_pattern_get_rgba
xairo_pattern_get_surface
xairo_pattern_get_type
xairo_pattern_get_user_data
xairo_pattern_reference
xairo_pattern_set_extend
xairo_pattern_set_filter
xairo_pattern_set_matrix
xairo_pattern_set_user_data
xairo_pattern_status
xairo_pdf_get_versions
xairo_pdf_surface_create
xairo_pdf_surface_create_for_stream
xairo_pdf_surface_restrict_to_version
xairo_pdf_surface_set_size
xairo_pdf_version_to_string
xairo_pop_group
xairo_pop_group_to_source
xairo_ps_get_levels
xairo_ps_level_to_string
xairo_ps_surface_create
xairo_ps_surface_create_for_stream
xairo_ps_surface_dsc_begin_page_setup
xairo_ps_surface_dsc_begin_setup
xairo_ps_surface_dsc_comment
xairo_ps_surface_get_eps
xairo_ps_surface_restrict_to_level
xairo_ps_surface_set_eps
xairo_ps_surface_set_size
xairo_push_group
xairo_push_group_with_content
xairo_recording_surface_create
xairo_recording_surface_ink_extents
xairo_rectangle
xairo_rectangle_list_destroy
xairo_reference
xairo_region_contains_point
xairo_region_contains_rectangle
xairo_region_copy
xairo_region_create
xairo_region_create_rectangle
xairo_region_create_rectangles
xairo_region_destroy
xairo_region_equal
xairo_region_get_extents
xairo_region_get_rectangle
xairo_region_intersect
xairo_region_intersect_rectangle
xairo_region_is_empty
xairo_region_num_rectangles
xairo_region_reference
xairo_region_status
xairo_region_subtract
xairo_region_subtract_rectangle
xairo_region_translate
xairo_region_union
xairo_region_union_rectangle
xairo_region_xor
xairo_region_xor_rectangle
xairo_rel_curve_to
xairo_rel_line_to
xairo_rel_move_to
xairo_reset_clip
xairo_restore
xairo_rotate
xairo_save
xairo_scale
xairo_scaled_font_create
xairo_scaled_font_destroy
xairo_scaled_font_extents
xairo_scaled_font_get_ctm
xairo_scaled_font_get_font_face
xairo_scaled_font_get_font_matrix
xairo_scaled_font_get_font_options
xairo_scaled_font_get_reference_count
xairo_scaled_font_get_scale_matrix
xairo_scaled_font_get_type
xairo_scaled_font_get_user_data
xairo_scaled_font_glyph_extents
xairo_scaled_font_reference
xairo_scaled_font_set_user_data
xairo_scaled_font_status
xairo_scaled_font_text_extents
xairo_scaled_font_text_to_glyphs
xairo_select_font_face
xairo_set_antialias
xairo_set_dash
xairo_set_fill_rule
xairo_set_font_face
xairo_set_font_matrix
xairo_set_font_options
xairo_set_font_size
xairo_set_line_cap
xairo_set_line_join
xairo_set_line_width
xairo_set_matrix
xairo_set_miter_limit
xairo_set_operator
xairo_set_scaled_font
xairo_set_source
xairo_set_source_rgb
xairo_set_source_rgba
xairo_set_source_surface
xairo_set_tolerance
xairo_set_user_data
xairo_show_glyphs
xairo_show_page
xairo_show_text
xairo_show_text_glyphs
xairo_status
xairo_status_to_string
xairo_stroke
xairo_stroke_extents
xairo_stroke_preserve
xairo_surface_copy_page
xairo_surface_create_for_rectangle
xairo_surface_create_similar
xairo_surface_destroy
xairo_surface_finish
xairo_surface_flush
xairo_surface_get_content
xairo_surface_get_device
xairo_surface_get_device_offset
xairo_surface_get_fallback_resolution
xairo_surface_get_font_options
xairo_surface_get_mime_data
xairo_surface_get_reference_count
xairo_surface_get_type
xairo_surface_get_user_data
xairo_surface_has_show_text_glyphs
xairo_surface_mark_dirty
xairo_surface_mark_dirty_rectangle
xairo_surface_reference
xairo_surface_set_device_offset
xairo_surface_set_fallback_resolution
xairo_surface_set_mime_data
xairo_surface_set_user_data
xairo_surface_show_page
xairo_surface_status
xairo_surface_write_to_png
xairo_surface_write_to_png_stream
xairo_svg_get_versions
xairo_svg_surface_create
xairo_svg_surface_create_for_stream
xairo_svg_surface_restrict_to_version
xairo_svg_version_to_string
xairo_text_cluster_allocate
xairo_text_cluster_free
xairo_text_extents
xairo_text_path
xairo_toy_font_face_create
xairo_toy_font_face_get_family
xairo_toy_font_face_get_slant
xairo_toy_font_face_get_weight
xairo_transform
xairo_translate
xairo_user_font_face_create
xairo_user_font_face_get_init_func
xairo_user_font_face_get_render_glyph_func
xairo_user_font_face_get_text_to_glyphs_func
xairo_user_font_face_get_unicode_to_glyph_func
xairo_user_font_face_set_init_func
xairo_user_font_face_set_render_glyph_func
xairo_user_font_face_set_text_to_glyphs_func
xairo_user_font_face_set_unicode_to_glyph_func
xairo_user_to_device
xairo_user_to_device_distance
xairo_version
xairo_version_string
xairo_win32_font_face_create_for_hfont
xairo_win32_font_face_create_for_logfontw
xairo_win32_font_face_create_for_logfontw_hfont
xairo_win32_printing_surface_create
xairo_win32_scaled_font_done_font
xairo_win32_scaled_font_get_device_to_logical
xairo_win32_scaled_font_get_logical_to_device
xairo_win32_scaled_font_get_metrics_factor
xairo_win32_scaled_font_select_font
xairo_win32_surface_create
xairo_win32_surface_create_with_ddb
xairo_win32_surface_create_with_dib
xairo_win32_surface_get_dc
zertc

Sections

.text
Size: 952KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

efd28f0dcf3f9285f6fdf12beacfdb86

Headers

File Characteristics

Imports

gdi32

kernel32

msvcrt

msimg32

Exports

Exports

Sections

.text Size: 952KB - Virtual size: 952KB

.data Size: 512B - Virtual size: 68B

.rdata Size: 70KB - Virtual size: 70KB

.eh_fram Size: 512B - Virtual size: 424B

.bss Size: - Virtual size: 6KB

.edata Size: 11KB - Virtual size: 11KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 124KB - Virtual size: 121KB

.text
Size: 952KB - Virtual size: 952KB

.data
Size: 512B - Virtual size: 68B

.rdata
Size: 70KB - Virtual size: 70KB

.eh_fram
Size: 512B - Virtual size: 424B

.bss
Size: - Virtual size: 6KB

.edata
Size: 11KB - Virtual size: 11KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 124KB - Virtual size: 121KB