e187b08a2b1053eff8505c55130abfd6a05382e2da401927ad97c04851890b85[.]zip

Resubmissions

11/12/2023, 17:05

231211-vlyr8scgfl 3

11/12/2023, 16:41

231211-t7kl3adgd7 3

11/12/2023, 16:33

231211-t2s19adfa6 3

Sharing

Copy URL Twitter E-mail

General

Target

e187b08a2b1053eff8505c55130abfd6a05382e2da401927ad97c04851890b85.zip
Size

70KB
MD5

fb6ebfdac82048737cebcd2870da619b
SHA1

acabad71f9697f144b0c899425194ba8339e0d2a
SHA256

25ae1dd90a4701d6e1362764c6d5de5a9d75680967c79c04cc26a343556535a2
SHA512

ef339896dcf8190289d9f099a788356e4ff9dbc17d016bf100cd90a2ec72684312c2661ac9a480f914e9ae2dc4b059f27529b4fcaf4d60c6e5f4e484e9259c91
SSDEEP

1536:DpOuZ2BAK63nRLZxGE+Pu1iDCnThSoT+XWH4fN5y0e1/YXceG1Ed6KAJ07QDbAB:EuYBrIvGSjTvSXu47f+liM07QDcB

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e187b08a2b1053eff8505c55130abfd6a05382e2da401927ad97c04851890b85
unpack001/rundll32.exe

Files

e187b08a2b1053eff8505c55130abfd6a05382e2da401927ad97c04851890b85.zip
.zip

Password: infected
e187b08a2b1053eff8505c55130abfd6a05382e2da401927ad97c04851890b85
.dll windows:4 windows x86 arch:x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

DllMain@12
Start

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 91B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rundll32.exe
.exe windows:10 windows x64 arch:x64

Password: infected

4db27267734d1576d75c991dc70f68ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_commode
__CxxFrameHandler3
_amsg_exit
_vsnwprintf
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_fmode
__wgetmainargs
__set_app_type
exit
_wcmdln
_initterm
__setusermatherr
_cexit
_lock
_exit
_XcptFilter
free
_purecall
_wtoi
memcpy_s
__C_specific_handler
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CLSIDFromString
CoCreateInstance
CoInitializeEx
CoRevokeClassObject
CoUninitialize
CoWaitForMultipleHandles
CoInitializeSecurity

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
SetFilePointer
GetFileAttributesW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
LoadStringW
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateEventW
CreateMutexExW
ReleaseSemaphore
ReleaseSRWLockShared
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ExitProcess
CreateProcessW
TerminateProcess
GetStartupInfoW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-console-l1-2-0

FreeConsole
AttachConsole

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-kernel32-private-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx

api-ms-win-downlevel-shlwapi-l1-1-0

PathIsRelativeW

api-ms-win-downlevel-shlwapi-l2-1-0

SHSetThreadRef

imagehlp

ImageDirectoryEntryToData

ntdll

NtClose
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtSetInformationToken

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 77KB

.data Size: 3KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 960B

.edata Size: 512B - Virtual size: 91B

.idata Size: 512B - Virtual size: 20B

.reloc Size: 4KB - Virtual size: 3KB

Password: infected

4db27267734d1576d75c991dc70f68ac

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-console-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-shlwapi-l2-1-0

imagehlp

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 264B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 256B

.text
Size: 78KB - Virtual size: 77KB

.data
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 960B

.edata
Size: 512B - Virtual size: 91B

.idata
Size: 512B - Virtual size: 20B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 264B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 256B