1c01ba624e0a8b782fc1f8a8d6b5ce85

Sharing

Copy URL Twitter E-mail

General

Target

1c01ba624e0a8b782fc1f8a8d6b5ce85
Size

4.4MB
MD5

1c01ba624e0a8b782fc1f8a8d6b5ce85
SHA1

02bf9a096c203f1fb28285f8e125cf65dc0f2b46
SHA256

ec160b94546c015c5f899525ff04cc60083696e9113e2deb996066026d762cce
SHA512

c95c67b6c5f03d5db8e82cc40bdd79525690d04beded08f7d741c04be5ccd4aadbce4efa1be5db75d3015f813ed4a7d7d23ed7bb31d9748075fef9ee4435c521
SSDEEP

98304:9A5RM5UWqlf+Q8PNVGyylBewJ2ny433Io3LMm6QfnS5Lmc:CRM5UWif+Q8PrGVMwaL3LMm64iz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5da9c61a37ba161b8dbe3eaa80c2c3c2e0019ca412a5462489ffc208108bbc0b

Files

1c01ba624e0a8b782fc1f8a8d6b5ce85
.zip

Password: infected
5da9c61a37ba161b8dbe3eaa80c2c3c2e0019ca412a5462489ffc208108bbc0b
.exe windows:5 windows x86 arch:x86

fb94e546a8dcb99d56b1ea3cb0a469de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
SystemTimeToTzSpecificLocalTime
SetUnhandledExceptionFilter
InterlockedDecrement
SetMailslotInfo
InitializeSListHead
CancelWaitableTimer
GetTimeFormatA
LockFile
ConnectNamedPipe
GetTickCount
GetProcessHeap
FindNextVolumeMountPointA
WriteFile
TzSpecificLocalTimeToSystemTime
GlobalAlloc
GetSystemPowerStatus
GetSystemTimeAdjustment
GetFileAttributesA
HeapCreate
GetConsoleAliasW
GetAtomNameW
IsDBCSLeadByte
SetEndOfFile
VirtualUnlock
CreateJobObjectA
LCMapStringA
GetConsoleOutputCP
CreateDirectoryA
GetCurrentDirectoryW
GetProcAddress
HeapUnlock
SetFileAttributesA
LoadLibraryA
AddVectoredExceptionHandler
FindAtomA
GetTapeParameters
GetModuleFileNameA
GetModuleHandleA
EraseTape
FreeEnvironmentStringsW
ScrollConsoleScreenBufferA
SetProcessShutdownParameters
LocalFileTimeToFileTime
CompareStringW
CompareStringA
WriteConsoleW
SetLocalTime
EnumDateFormatsExW
WriteConsoleOutputCharacterW
HeapCompact
GlobalUnlock
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
Sleep
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
CloseHandle
CreateFileA
InitializeCriticalSectionAndSpinCount
HeapSize
SetConsoleCtrlHandler
InterlockedExchange
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
ReadFile
GetLocaleInfoW
GetTimeZoneInformation
WriteConsoleA
SetEnvironmentVariableA

user32

GetDesktopWindow
GetProcessWindowStation

advapi32

BackupEventLogA
AbortSystemShutdownA
AddAccessDeniedAce
EqualPrefixSid
GetLengthSid

Exports

Exports

Albus
Coffe
Super
SuspendYourMind

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pedun
Size: 1024B - Virtual size: 577B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

fb94e546a8dcb99d56b1ea3cb0a469de

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 4.3MB - Virtual size: 4.3MB

.data Size: 40KB - Virtual size: 117KB

.pedun Size: 1024B - Virtual size: 577B

.rsrc Size: 39KB - Virtual size: 4.7MB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 4.3MB - Virtual size: 4.3MB

.data
Size: 40KB - Virtual size: 117KB

.pedun
Size: 1024B - Virtual size: 577B

.rsrc
Size: 39KB - Virtual size: 4.7MB