39e0d5afdd6d01e16136eaa6392cf1251352aa3901d6628d418ef40bb0c7d792

Sharing

Copy URL Twitter E-mail

General

Target

39e0d5afdd6d01e16136eaa6392cf1251352aa3901d6628d418ef40bb0c7d792
Size

12.4MB
MD5

ea5090ae9952dde362c4fd92afa03f57
SHA1

7952089ad535fb834f52784ab5bab6c6f5c82fd5
SHA256

39e0d5afdd6d01e16136eaa6392cf1251352aa3901d6628d418ef40bb0c7d792
SHA512

9dd35cbb351d3dadbfe6a90cf5f604bc426fc3fbf2079f7cfa4f0568ef32fe69b9e9a52b23518b9f28a5b805d29b4ad5637cc3cc73c5d9909c1d026f8389f7b4
SSDEEP

393216:lEy1s6YQgVNJfpiNjDBuY1HiToieZJou6:GzfpiNjDBJ9iTopj6

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Downloads/AZZZ.exe
unpack001/Downloads/setup202311.exe

Files

39e0d5afdd6d01e16136eaa6392cf1251352aa3901d6628d418ef40bb0c7d792
.zip
Downloads/AZZZ.exe
.exe windows:6 windows x86 arch:x86

03b269fdb944d2e70d4c66e5d2f1774e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
GetEnvironmentVariableA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
Process32FirstW
GetModuleFileNameW
GetWindowsDirectoryW
GetProcAddress
ReadProcessMemory
GetCurrentProcessId
GlobalMemoryStatusEx
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualAlloc
SetLastError
CloseHandle
FindFirstFileA
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
InitializeSListHead

user32

EnumWindows

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid

ole32

CoInitializeEx
CoUninitialize
CoGetObject

msvcp140

?_Xlength_error@std@@YAXPBD@Z

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

vcruntime140

__std_exception_copy
_CxxThrowException
__std_exception_destroy
__current_exception_context
memset
_except_handler4_common
memmove
__current_exception
memcpy
__CxxFrameHandler3

api-ms-win-crt-stdio-l1-1-0

ftell
fclose
fread
__p__commode
fwrite
__stdio_common_vfprintf
_set_fmode
fopen
fseek
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s
_wcsicmp

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_invalid_parameter_noinfo_noreturn
_set_app_type
_errno
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18.5MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Downloads/EV¼-app¼mp4.msi
.msi
Downloads/setup202311.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03b269fdb944d2e70d4c66e5d2f1774e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcp140

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 18.5MB - Virtual size: 18.5MB

.reloc Size: 1024B - Virtual size: 764B

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 42KB - Virtual size: 42KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 18.5MB - Virtual size: 18.5MB

.reloc
Size: 1024B - Virtual size: 764B

CODE
Size: 42KB - Virtual size: 42KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB