259f8a663b9300a6a9422da2ba09cc5ec58455db0edf216dcc7c25d5dfe1215c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

259f8a663b9300a6a9422da2ba09cc5ec58455db0edf216dcc7c25d5dfe1215c.zip
Size

134KB
MD5

ea246ff7f69bebd2a54fb62635a43d95
SHA1

49425b082f51fde929eac9a05f15f3e07b575455
SHA256

687afd816121915bcb8e726a40580042c1ab4550cf7a0d5425f8dabfa3e24f3e
SHA512

911f44554150900826dbcde3fbcb17f58a29ee6aaeaab2ec77d2b4b4cb6a7024d09ccadd70525b5e14cb6c4f3e5ce14e10d654b3a43227e06de701228a55508d
SSDEEP

3072:th4wYmddKD8v+PtjqsDL8MTqgFfyU1h4BK/ai+/D5JINJtiOjeZG:rdoD8w/JvMKWCGG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/259f8a663b9300a6a9422da2ba09cc5ec58455db0edf216dcc7c25d5dfe1215c.exe

Files

259f8a663b9300a6a9422da2ba09cc5ec58455db0edf216dcc7c25d5dfe1215c.zip
.zip

Password: infected
259f8a663b9300a6a9422da2ba09cc5ec58455db0edf216dcc7c25d5dfe1215c.exe
.exe windows:5 windows x86 arch:x86

Password: infected

238e0fa0f52afef2ef7eb9659d95319e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GlobalFix
SetProcessAffinityMask
CreateFileA
GetFileSize
FindFirstFileW
WriteConsoleOutputCharacterW
InterlockedIncrement
InterlockedDecrement
GetNamedPipeHandleStateA
WriteConsoleInputA
MoveFileWithProgressA
GetModuleHandleW
LocalFlags
ReadConsoleW
GetWindowsDirectoryA
GetCompressedFileSizeW
SetCommState
ActivateActCtx
GlobalAlloc
GetVolumeInformationA
LoadLibraryW
TerminateThread
ReadConsoleInputA
SetConsoleCP
DeleteVolumeMountPointW
GlobalFlags
GetConsoleAliasW
SetSystemPowerState
ReplaceFileW
GetTimeZoneInformation
CreateActCtxA
GetTempPathW
FindFirstFileA
GetProcAddress
VerLanguageNameW
GetPrivateProfileStringA
GetProcessId
OpenWaitableTimerW
GetConsoleScreenBufferInfo
BuildCommDCBAndTimeoutsW
AddAtomW
RemoveDirectoryW
GlobalGetAtomNameW
GetCurrentConsoleFont
FoldStringA
GlobalFindAtomW
GetModuleHandleA
GetProcessShutdownParameters
WriteProfileStringW
VirtualProtect
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
AddConsoleAliasA
ReadConsoleOutputCharacterW
CloseHandle
WriteConsoleW
SetStdHandle
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
WideCharToMultiByte
HeapFree
HeapAlloc
ExitProcess
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetCPInfo
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW

user32

CharUpperA
CharToOemBuffA

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

238e0fa0f52afef2ef7eb9659d95319e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 161KB - Virtual size: 161KB

.data Size: 18KB - Virtual size: 3.5MB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 161KB - Virtual size: 161KB

.data
Size: 18KB - Virtual size: 3.5MB

.rsrc
Size: 26KB - Virtual size: 26KB