Static task
static1
Behavioral task
behavioral1
Sample
batman1.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
batman1.exe
Resource
win10v2004-20231130-en
General
Target
batman1.zip
Size
216KB
MD5
b86406aa385d641e99a64c1d4e0dc762
SHA1
d971b22f4ad60d4cc0bf301e933076df31c84bd0
SHA256
19614f57ed86b1305c8e00443ee49f751a62b19df9f1a72f326d939b0fd69e66
SHA512
a1fd42444910c308527f6bf4e030d4df54241cb9108bbcb1724225183f8e645b28f48c0609e87bbc870452a352c2b1978d7edc6c18239413c4ce2529a2f8a8d3
SSDEEP
3072:jmMgUvmeeVemDanCmC627kNRrQayPqmi+QvSsg0uvt+8RdGkU66gr7ZxJq0izUXH:jmMgjeQarfIcSs0pRdlU6zdq0GUXryyJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/batman1.exe
Files
batman1.zip.zip
Password: infected
batman1.exe.exe windows:5 windows x86 arch:x86
Password: infected
d01c1de5b3809b46e3c55481ecafaf4f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetConsoleTextAttribute
GetConsoleAliasA
SetConsoleScreenBufferSize
FlushViewOfFile
_lclose
GetProcessPriorityBoost
GetModuleHandleW
GetTickCount
GetWindowsDirectoryA
GetPriorityClass
GetVolumePathNameW
OpenProcess
EnumSystemCodePagesA
GetAtomNameW
EnumResourceLanguagesA
MultiByteToWideChar
DisconnectNamedPipe
FindFirstFileExA
GetLastError
GetLongPathNameA
ClearCommError
SetVolumeLabelW
SetFileApisToOEM
ProcessIdToSessionId
LocalAlloc
IsWow64Process
SetConsoleOutputCP
SetProcessWorkingSetSize
GetCommMask
GetDefaultCommConfigA
FindFirstVolumeMountPointA
VirtualProtect
EnumDateFormatsW
FatalAppExitA
SetCalendarInfoA
FindAtomW
FindNextVolumeA
lstrcpyW
WriteConsoleW
LoadLibraryW
HeapAlloc
BuildCommDCBAndTimeoutsA
lstrlenA
WriteConsoleOutputCharacterW
PeekConsoleInputW
GetVolumeNameForVolumeMountPointA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
WideCharToMultiByte
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
SetFilePointer
CloseHandle
GetProcAddress
ExitProcess
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileW
user32
GetCaretPos
advapi32
RevertToSelf
EnumServicesStatusW
BackupEventLogA
RegQueryMultipleValuesW
QueryServiceLockStatusW
Sections
.text Size: 189KB - Virtual size: 189KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 699KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ