e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a.zip
Size

2.0MB
MD5

592a72b9849831b37e9c01f7f5a9df40
SHA1

723beed60aeb7e65f2061fcc4ab7b41daa37064a
SHA256

cbe037317e5838d5e4e26be1ee40cab2cba6bfb119b7424a71348b6dde38fdd7
SHA512

358cf46253ad3259e7e59cb59d71b2f9ee23f6929522d5f86ef64d4ac56509ae129ed72c86afa3320d40e41a001175f3f199b142406231a0800c8764b5957ded
SSDEEP

49152:UMJ+CKWfXLBU0aQzhGpAWpcqs8uA7rgmd:UMJ9KadlaQzgA9sH/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a.exe

Files

e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a.zip
.zip

Password: infected
e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a.exe
.exe windows:6 windows x64 arch:x64

Password: infected

5f091eecefc1b49cd7a2a9cf6847cbb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW
InitCommonControlsEx

ws2_32

getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
WSAPoll
send
getpeername
connect
WSAGetLastError
ntohl
WSAAddressToStringW
htonl
htons
WSACleanup
WSAStartup
select
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
gethostname

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

shlwapi

PathIsURLW
PathIsRelativeW
PathRelativePathToW
PathIsSameRootW
PathRemoveBackslashW
PathAddBackslashW
PathAppendW
PathFileExistsW

rpcrt4

UuidCreate
UuidToStringW

fwpuclnt

FwpmTransactionCommit0
FwpmEngineClose0
FwpmEngineOpen0
FwpmTransactionBegin0
FwpmCalloutAdd0
FwpmSubLayerAdd0
FwpmFilterAdd0

kernel32

GetTimeFormatW
GetDateFormatW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
FormatMessageA
LocalFree
GetLastError
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
DeleteFileW
MoveFileExW
Sleep
DeviceIoControl
CancelIo
GetOverlappedResult
LoadLibraryW
GetProcAddress
VirtualProtect
WriteProcessMemory
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetLocalTime
CreateDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileTime
InitializeCriticalSection
DeleteCriticalSection
ResumeThread
SetThreadPriority
GetTickCount
SetProcessWorkingSetSize
GetVersionExW
GetSystemInfo
OpenMutexW
CreateMutexW
SetUnhandledExceptionFilter
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
FreeResource
MulDiv
ReleaseMutex
FormatMessageW
GetStartupInfoW
GetEnvironmentStringsW
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
CompareStringW
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
PeekNamedPipe
GetFileInformationByHandle
SetFilePointerEx
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
GetCPInfo
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FindClose
FileTimeToLocalFileTime
LoadLibraryExW
ExitThread
GetFileType
RtlPcToFileHeader
DecodePointer
EncodePointer
GetStringTypeW
ExpandEnvironmentStringsW
SetLastError
SleepEx
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
ReadFile
WriteFile
SetEnvironmentVariableA
SetFilePointer
CreateFileA
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
LCMapStringW
IsValidLocale
GetLocaleInfoW
ReadConsoleW
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
ExitProcess
IsValidCodePage
GetModuleHandleExW
GetACP
GetOEMCP
UnhandledExceptionFilter
SetStdHandle
GetTimeZoneInformation
GetCurrentDirectoryW
SetEnvironmentVariableW
WriteConsoleW
TlsFree

user32

ReleaseDC
GetDesktopWindow
CheckRadioButton
SystemParametersInfoW
IsWindowVisible
GetDC
DestroyWindow
SetDlgItemTextA
SendMessageW
LoadIconW
EndDialog
GetParent
LoadStringW
EnableWindow
GetWindowTextLengthW
GetDlgItem
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
TranslateMessage
GetMessageW
SendNotifyMessageW
CheckMenuItem
GetCursorPos
GetAncestor
WindowFromPoint
GetSystemMetrics
RegisterWindowMessageW
PostQuitMessage
KillTimer
LoadImageW
SetTimer
AnimateWindow
InsertMenuItemW
PostMessageW
InsertMenuW
GetSubMenu
LoadMenuW
SetWindowTextW
DestroyMenu
TrackPopupMenuEx
SetForegroundWindow
AppendMenuW
CreatePopupMenu
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamW
CreateWindowExW
MapDialogRect
ShowWindow
SetWindowPos
CallWindowProcW
SendDlgItemMessageW
GetDlgItemTextW
GetMenu
MoveWindow
SetFocus
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRect
MessageBoxW
DialogBoxParamW
RegisterClassW
LoadCursorW
DefWindowProcW
EndPaint
FillRect
BeginPaint
GetClientRect
GetDlgCtrlID
InvalidateRect
GetWindowLongW
SetWindowLongW
CheckDlgButton
SetWindowLongPtrW
GetWindowTextW
IsDlgButtonChecked
GetWindowLongPtrW
DispatchMessageW

gdi32

GetDeviceCaps
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectW

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

advapi32

DeleteService
RegQueryValueExW
RegCloseKey
RegDeleteValueW
ControlService
QueryServiceStatus
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
StartServiceW
RegOpenKeyExW
RegSetValueExW

shell32

ord155
ShellExecuteW
Shell_NotifyIconW
ord680
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
CoInitializeEx

oleaut32

OleLoadPicture

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

5f091eecefc1b49cd7a2a9cf6847cbb0

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

iphlpapi

shlwapi

rpcrt4

fwpuclnt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 541KB - Virtual size: 540KB

.data Size: 26KB - Virtual size: 50KB

.pdata Size: 74KB - Virtual size: 73KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 541KB - Virtual size: 540KB

.data
Size: 26KB - Virtual size: 50KB

.pdata
Size: 74KB - Virtual size: 73KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 18KB - Virtual size: 17KB