assets (2)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

assets (2).zip
Size

1.0MB
MD5

9d1e386eb89aabf2d311ec70e7f86b86
SHA1

f36788322e60afcc01b5a7156c4a896162283173
SHA256

6d6abd8747e39c15668a1009cc7a41aff123b9aa7379060d854246147b5cb10e
SHA512

8fda09e2bbb354f226ecc9757fa85223e726f8e4b26dbcc8da676649c8d31f12e9e677105600eae245d4cbf7aefe8aaa22cababf2b63ba419862662f3b3a7d84
SSDEEP

24576:VzGHqLCgiFR3DogFUrfcN9ikfmMyqNE8vDhS32:OqWdREHcs6NEYcm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BankOfChina1.exe

Files

assets (2).zip
.zip
BankOfChina1.exe
.exe windows:6 windows x86 arch:x86

4f601dcb43304c66cf782b449f927733

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
VerifyVersionInfoW
GetUserDefaultUILanguage
WriteConsoleW
HeapFree
HeapAlloc
GetFullPathNameW
GetFileAttributesW
CreateFileW
GetCommandLineW
SetStdHandle
GetStdHandle
LoadLibraryW
RaiseException
DecodePointer
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
DuplicateHandle
GetFileType
GetModuleFileNameA
GetModuleHandleExW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
VerSetConditionMask

shell32

CommandLineToArgvW

user32

FindWindowA
ShowWindow
MessageBoxExW

shlwapi

StrCmpW
PathAppendW
PathRemoveFileSpecW

msi

ord90

Exports

Exports

AmdPowerXpressRequestBetterBatteryLife
NvOptimusDisablement

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BankOfChina1.swf
META-INF/AIR/application.xml
.xml
META-INF/AIR/hash
META-INF/signatures.xml
assets/logo128.png
.png
assets/src=http___5b0988e595225.cdn.sohucs.com_images_20190121_5247dfe431674dd2991c8bcdbb6a73cc.jpeg&refer=http___5b0988e595225.cdn.sohucs(1).jpg
.jpg
assets/src=http___5b0988e595225.cdn.sohucs.com_images_20190121_5247dfe431674dd2991c8bcdbb6a73cc.jpeg&refer=http___5b0988e595225.cdn.sohucs.jpg
.jpg
assets/src=http___5b0988e595225.cdn.sohucs.com_images_20190121_5247dfe431674dd2991c8bcdbb6a73cc.jpeg&refer=http___5b0988e595225.cdn.sohucs.png
.png
logo128.png
.png
mimetype

Sharing

General

Malware Config

Signatures

Files

4f601dcb43304c66cf782b449f927733

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

user32

shlwapi

msi

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 4KB - Virtual size: 3KB