19348367fafd441e48cc28e24bb1dcb3

Sharing

Copy URL Twitter E-mail

General

Target

19348367fafd441e48cc28e24bb1dcb3
Size

472KB
MD5

19348367fafd441e48cc28e24bb1dcb3
SHA1

309d73a093ad3c0533b04a35235d5e388f32158a
SHA256

27ee28fa8292c8105f0aa15f9b615e954753f6d798defade3b23b1b009101778
SHA512

72d442f8e94fa6666da0377dd78d155f3219ec62f3b8f2fbd67d83de107f6c84201471d5c06cbcdafab2fafd5065c71d2c46866b7a04b2b7421d448c41770ac0
SSDEEP

6144:d3u+5LiWOF+4KaGKowqL/PppIEpco4CGxGkF83F3GlU90NPaeUIgoV+P4sx6rcRA:hZdjCybPXcXz8lGO90tHCRNM/5v5

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/USB-Knoppix/7-Zip/7z.dll
unpack001/USB-Knoppix/7-Zip/7z.exe
unpack001/USB-Knoppix/7-Zip/7zCon.sfx
unpack001/USB-Knoppix/syslinux/win32/hello.exe
unpack001/USB-Knoppix/syslinux/win32/syslinux.exe

Files

19348367fafd441e48cc28e24bb1dcb3
.zip
USB-Knoppix/7-Zip/7z.dll
.dll windows:4 windows x86 arch:x86

72d1bfee97be4b38dd210f2f3a581d01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharPrevExA
CharPrevA
CharNextA
CharLowerW
CharLowerA
CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
memcmp
_purecall
memcpy
memmove
__CxxFrameHandler
free
_CxxThrowException
malloc

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
FileTimeToDosDateTime
FileTimeToLocalFileTime
SystemTimeToFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
DeleteCriticalSection
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
USB-Knoppix/7-Zip/7z.exe
.exe windows:4 windows x86 arch:x86

e27e45030cd41886a2b0cd2aecee8897

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharPrevA
CharUpperW
CharNextA
CharUpperA

oleaut32

SysStringByteLen
VariantCopy
VariantClear
SysAllocString
SysFreeString

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
fprintf
memcpy
fputc
fputs
fflush
fgetc
fclose
_iob
free
malloc
memmove
strlen
memcmp
_purecall
__CxxFrameHandler
_CxxThrowException
_isatty
_fileno

kernel32

VirtualAlloc
GetTickCount
VirtualFree
WaitForSingleObject
SetEvent
InitializeCriticalSection
FileTimeToDosDateTime
GetProcessTimes
LocalFree
GetSystemTime
SystemTimeToFileTime
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenEventA
GetStdHandle
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetCurrentProcess
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
SearchPathW
SearchPathA
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryExA
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
GetCurrentDirectoryW
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetCurrentDirectoryW

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
USB-Knoppix/7-Zip/7zCon.sfx
.exe windows:4 windows x86 arch:x86

62f777ddca1c144103fac95779b68c8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharNextA
CharUpperA

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
_rotr
memset
memcpy
fputc
fputs
fflush
fgetc
fclose
_iob
free
malloc
memmove
_purecall
memcmp
_CxxThrowException
__CxxFrameHandler

kernel32

AreFileApisANSI
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
DeleteCriticalSection
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
FileTimeToSystemTime
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindFirstFileW
FindFirstFileA
FindClose
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
GetCommandLineW
SetFileApisToOEM
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
LocalFree
FormatMessageA
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
USB-Knoppix/7-Zip/History.txt
USB-Knoppix/7-Zip/License.txt
USB-Knoppix/7-Zip/copying.txt
USB-Knoppix/7-Zip/readme.txt
USB-Knoppix/fixkp2.bat
USB-Knoppix/makeboot.bat
USB-Knoppix/syslinux/win32/COPYING
USB-Knoppix/syslinux/win32/Makefile
USB-Knoppix/syslinux/win32/README
USB-Knoppix/syslinux/win32/hello.c
USB-Knoppix/syslinux/win32/hello.exe
.exe windows:4 windows x86 arch:x86

990fa6b86d52aa1482b21e0f0766f228

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memset
puts
signal

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
USB-Knoppix/syslinux/win32/syslinux.c
USB-Knoppix/syslinux/win32/syslinux.exe
.exe windows:4 windows x86 arch:x86

3a640d72e010ddee370c7b780fbc0728

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
CreateFileA
DeleteFileA
DeviceIoControl
ExitProcess
FindAtomA
FlushFileBuffers
FormatMessageA
GetAtomNameA
GetDriveTypeA
GetLastError
GetLogicalDrives
GetVersionExA
LocalFree
MoveFileA
ReadFile
SetFileAttributesA
SetFilePointer
SetUnhandledExceptionFilter
WriteFile

msvcrt

__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
abort
atexit
exit
fprintf
fputs
free
malloc
memcmp
memcpy
memset
signal
sprintf
tolower

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 752B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72d1bfee97be4b38dd210f2f3a581d01

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 436KB - Virtual size: 435KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 42KB

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 21KB - Virtual size: 21KB

e27e45030cd41886a2b0cd2aecee8897

Headers

File Characteristics

Imports

user32

oleaut32

advapi32

msvcrt

kernel32

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 1024B - Virtual size: 784B

62f777ddca1c144103fac95779b68c8a

Headers

File Characteristics

Imports

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

990fa6b86d52aa1482b21e0f0766f228

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 512B - Virtual size: 208B

.bss Size: - Virtual size: 208B

.idata Size: 1024B - Virtual size: 656B

3a640d72e010ddee370c7b780fbc0728

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 11KB

.rdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 752B

.idata Size: 1KB - Virtual size: 1KB

.text
Size: 436KB - Virtual size: 435KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 42KB

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 21KB - Virtual size: 21KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 1024B - Virtual size: 784B

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 512B - Virtual size: 208B

.bss
Size: - Virtual size: 208B

.idata
Size: 1024B - Virtual size: 656B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 752B

.idata
Size: 1KB - Virtual size: 1KB