config[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

config.zip
Size

1.4MB
MD5

4b66d223b0f4280ad86b1461bf043241
SHA1

71d79203a79d1dc27dd9febf7fabc7679d340613
SHA256

7107780930bf2cf64102e18ed81d74e244eaff05ae14341ac8b7818b9190be4c
SHA512

b87a512e33bf5661c93dc09f6bc4be0de39b0a5fac186e08e7be05eaec14324cb04fd1711f0a2a87fb46d0e149871075b0dbd6d76c067ec3ff2a98a83c98d56b
SSDEEP

24576:i2bgT85/gGZdJeHV1H0pr/NPoCpVLPIvG1uSRYK2OMuOBexqb3N14XoSg9jTD9VJ:lcT86+eH7UzPoCpVDIvyBVzMgkTPf9nR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/config.cpl

Files

config.zip
.zip
config.cpl
.dll windows:6 windows x86 arch:x86

ada2db691d15e230c727b763fa43aa8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetLastError
GetCurrentDirectoryA
CreateThread
SuspendThread
GetFileAttributesA
FindFirstFileA
FindNextFileA
GetTempPathA
GetStdHandle
CreateNamedPipeA
VirtualAlloc
GetNamedPipeInfo
GetNamedPipeHandleStateA
MultiByteToWideChar
GetDiskFreeSpaceA
GetHandleInformation
SetHandleInformation
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetLastError
GetCurrentThreadId
HeapAlloc
ExitProcess
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
GetStringTypeW
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
InterlockedFlushSList
RtlUnwind
RaiseException
GetModuleFileNameA
FindClose
FindFirstFileExA
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
DecodePointer
CreateFileW

Exports

Exports

CPlApplet
FiVH
HDXaC212
HzTH
Qew
ZYzlYH557y

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ada2db691d15e230c727b763fa43aa8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 412KB - Virtual size: 412KB

.data Size: 1.2MB - Virtual size: 1.2MB

.gfids Size: 512B - Virtual size: 164B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 412KB - Virtual size: 412KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.gfids
Size: 512B - Virtual size: 164B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB