ZnVmZdD[.]zip | Triage

Resubmissions

31-10-2020 05:41

201031-a4vqedhr2n 10

Sharing

Copy URL

Twitter E-mail

General

Target

ZnVmZdD.zip
Size

354KB
MD5

6705b8b83b7fb6eaad72f6939640b29f
SHA1

0a3702cb48bb5b491e0d9f78c2fbf4c39565d30d
SHA256

6d63bbc66801b9842d93edb1ebb0bae46a7218dceb83328f27deb5f3ad0f974b
SHA512

7b8bc47007f7bce44276a430de8e56403e1b60cbc2fef15c434b106ae84c3f217dfbf09d876f77cb574eb3be3e74e47d3f2b720439e73237ba7b6749b0061169
SSDEEP

6144:VB86du5b/tYjMbqF8MFIYg6iYic3ixePaVMppckXGMTDOy4a+aFQAz:f8b5b/tYAWFRxiY1SxePaeqxy4aLQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ZnVmZdD.dll

Files

ZnVmZdD.zip
.zip

Password: infected
ZnVmZdD.dll
.dll windows:6 windows x86 arch:x86

Password: infected

f9d209a7de28d9fcb8e5cc722e0bf45a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
VirtualProtectEx
GetCurrentDirectoryA
CloseHandle
SetEndOfFile
CreateFileW
OutputDebugStringW
ReadConsoleW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
HeapFree
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetStdHandle
GetFileType
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
ReadFile
SetFilePointerEx
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetModuleFileNameW
HeapReAlloc
SetStdHandle
WriteConsoleW
LoadLibraryExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f9d209a7de28d9fcb8e5cc722e0bf45a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

Sections

.text Size: 267KB - Virtual size: 267KB

.rdata Size: 188KB - Virtual size: 187KB

.data Size: 7KB - Virtual size: 111KB

.rsrc Size: 67KB - Virtual size: 67KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 267KB - Virtual size: 267KB

.rdata
Size: 188KB - Virtual size: 187KB

.data
Size: 7KB - Virtual size: 111KB

.rsrc
Size: 67KB - Virtual size: 67KB

.reloc
Size: 8KB - Virtual size: 8KB