7502affbbb6086a020fe2ffe7b079e7ccf8e7fb11d48960561826054b2e0c1fe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

7502affbbb6086a020fe2ffe7b079e7ccf8e7fb11d48960561826054b2e0c1fe.zip
Size

1.0MB
MD5

bf96236a1b23aea4ccf25882fb55c97c
SHA1

e708dab26a0b7da74f03f044585614e6eaf172a2
SHA256

a75468c16ba03bda877d26d7881d0d46cc3f28c973331dbe7faf54044acf7ad4
SHA512

6c9daff56ae9b9b298021b39f986e1c7f20c7f42c66b7c81247ad252851b080e0064179fa426138da5c52f85e264554d040321b4d2c6d322fcd99687b9879d5c
SSDEEP

24576:Sc+korse4iAB2uIbuFg6ct4h23QetMfWET/jPfwlCDoPteihLi0:1+kOsriABJrFRctI2ALOETklCklV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7502affbbb6086a020fe2ffe7b079e7ccf8e7fb11d48960561826054b2e0c1fe.dll

Files

7502affbbb6086a020fe2ffe7b079e7ccf8e7fb11d48960561826054b2e0c1fe.zip
.zip

Password: infected
7502affbbb6086a020fe2ffe7b079e7ccf8e7fb11d48960561826054b2e0c1fe.dll
.dll windows:5 windows x86 arch:x86

Password: infected

c9ec03d1eaad4e1692358ca05ade2cf2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

DefDriverProc

secur32

InitializeSecurityContextW

kernel32

lstrcmpiA
DeleteFiber
GetOverlappedResult
ExitProcess
FindFirstVolumeW
GetConsoleCP
GetSystemPowerStatus
GetProcessHeap
GetSystemDefaultUILanguage
GetThreadLocale
EnumTimeFormatsA
DeleteFileA
GetCurrentConsoleFont
GetModuleHandleA
OutputDebugStringA
LoadLibraryExW
GetModuleFileNameA
GetBinaryTypeA
WaitForSingleObjectEx
GetBinaryTypeW
GetLogicalDriveStringsW
GetConsoleMode
VirtualProtectEx

winspool.drv

DeletePrinterDriverExW

msvcrt

mbtowc
fgetws
fputws
fwrite

oleaut32

LoadRegTypeLi

advapi32

DeleteAce
GetFileSecurityW

gdi32

GetTextExtentPointA
GetOutlineTextMetricsA
GetCharWidthA
ExcludeClipRect

shell32

ExtractIconExA

user32

GetMenuItemInfoA
GetClipboardSequenceNumber
GetClipboardFormatNameA
DrawStateA
IsWindowVisible
GetRawInputDeviceInfoW

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 916KB - Virtual size: 914KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c9ec03d1eaad4e1692358ca05ade2cf2

Headers

DLL Characteristics

File Characteristics

Imports

winmm

secur32

kernel32

winspool.drv

msvcrt

oleaut32

advapi32

gdi32

shell32

user32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 916KB - Virtual size: 914KB

.data Size: 228KB - Virtual size: 227KB

.rsrc Size: 20KB - Virtual size: 18KB

.reloc Size: 72KB - Virtual size: 70KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 916KB - Virtual size: 914KB

.data
Size: 228KB - Virtual size: 227KB

.rsrc
Size: 20KB - Virtual size: 18KB

.reloc
Size: 72KB - Virtual size: 70KB