48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.zip
Size

299KB
MD5

4e953965bd4f0fd79d8bcabfe926a330
SHA1

0fa0145baa4153ff94fb29c916c33db8145223c5
SHA256

7a77e4caf16ad0fa76422beb61138b01890c651553a35eaf532ffddb4885e3dd
SHA512

cc89eea8e99eaa8657416f1df74bf6d4f9a09994feab0a2bd57497f92e9c38be832e3a7ed87386b8220ae2759c4d9e3d35dcd367b150942dc3f74a179405ef6d
SSDEEP

6144:dQAsgkNHuPE4sm5ilfg1PfzyfGRyp58BR3GGvsOd/RbUDXUyWshIFcn92LHpNwB:dQAsgmOPE4FaoVWGEp58XL/9cXUyNGgB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.exe

Files

48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.zip
.zip

Password: infected
48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.exe
.exe windows:5 windows x86 arch:x86

Password: infected

0a51b1dee43d79ab01dde11c015d41e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
SetPriorityClass
GetConsoleAliasExesLengthA
SetConsoleTextAttribute
InitializeSListHead
AddConsoleAliasW
FreeEnvironmentStringsA
GetModuleHandleW
GetWindowsDirectoryA
GetSystemTimes
GetVolumePathNameW
LoadLibraryW
TerminateThread
ReadConsoleInputA
SizeofResource
GetSystemWindowsDirectoryA
GetConsoleAliasW
GetConsoleAliasesW
GetLastError
SetLastError
lstrcmpiA
GetProcAddress
VirtualAlloc
CreateFileA
CreateNamedPipeA
EnumDateFormatsExA
SetVolumeLabelW
RemoveDirectoryA
SearchPathA
SetFileAttributesA
PrepareTape
OpenWaitableTimerA
LoadLibraryA
LocalAlloc
GetNumberFormatW
FoldStringW
GlobalFindAtomW
QueryMemoryResourceNotification
EndUpdateResourceA
GetCurrentProcessId
GlobalAddAtomW
AddConsoleAliasA
PeekConsoleInputW
FillConsoleOutputCharacterA
LCMapStringW
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte

user32

CharToOemBuffA
GetMessageExtraInfo

gdi32

GetCharABCWidthsFloatW

winhttp

WinHttpReadData

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 709KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0a51b1dee43d79ab01dde11c015d41e0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 274KB - Virtual size: 274KB

.data Size: 5KB - Virtual size: 709KB

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 274KB - Virtual size: 274KB

.data
Size: 5KB - Virtual size: 709KB

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 8KB - Virtual size: 7KB