155AD32D48B106A5[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

155AD32D48B106A5.zip
Size

828KB
MD5

bc0b83f9487f41af4e305ad6700a24e4
SHA1

7fdd656baa59e68a9d6830c4b63dd2d151c399a2
SHA256

93f84d7bf0cf1ec19e21b79e5a8e7e6075a86229d9317b9a36faa4d4f5eea2c9
SHA512

b2777d6c099b0f4904f03833e0bf9467d26dcf3a71b6dd149b2844570ea907c91902fb9e7d64b888e5029ebf0477332b18069df71264f9983a776b9d35cefc10
SSDEEP

12288:hZrrLeva3EuS3W3o7Dd71nEc5FHPXKo6CKKBQcE60Z8IglXwcivrmu8F4Bwd6fD:HXkEE3W3oEc/HPX3Kzcj0DfD7A0wd6fD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4e8c0d68c14fd0b55ada0a38b785f212a901724488dbcb36497a64d2acabf5cc

Files

155AD32D48B106A5.zip
.zip

Password: infected
4e8c0d68c14fd0b55ada0a38b785f212a901724488dbcb36497a64d2acabf5cc
.exe windows:6 windows x86 arch:x86

8211d4eaf78371dddb4ac3c5ef3e3a84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
CreateProcessW
lstrcmpiW
GetVolumeInformationA
GetSystemInfo
GetComputerNameA
WaitForSingleObject
GlobalAlloc
GlobalFree
GetCurrentDirectoryW
GlobalLock
CreateProcessA
GlobalUnlock
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
LocalFree
GetModuleHandleW
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
CreateFileA
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetLastError
QueryPerformanceFrequency
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
CreatePipe
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
VirtualAlloc
WriteFile
lstrlenW
VirtualFree
GetModuleFileNameA
GetConsoleWindow
CloseHandle
GetLastError
Sleep
GetExitCodeProcess
GetConsoleMode
GetConsoleOutputCP
GetFileType
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
ExitProcess
FreeLibraryAndExitThread
ExitThread
SetStdHandle
CreateThread
DuplicateHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteConsoleW
InterlockedPushEntrySList
RtlUnwind
CreateMutexW
DeleteCriticalSection
GetCurrentProcess
RaiseException
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetLocaleInfoEx
SetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileInformationByHandle
SetFileInformationByHandle
CopyFileW
GetFileInformationByHandleEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW

user32

UnhookWindowsHookEx
ShowWindow
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
SetWindowsHookExW
TranslateMessage
DispatchMessageW
GetMessageW
CallNextHookEx
GetKeyState

advapi32

OpenProcessToken
RegQueryValueExW
GetTokenInformation
RegCloseKey
RegOpenKeyExW

wininet

InternetCrackUrlW
InternetOpenW
HttpOpenRequestA
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetOpenUrlA
HttpSendRequestW
InternetConnectA
InternetSetOptionW
InternetConnectW
InternetReadFile

ntdll

NtGetContextThread
NtClose
NtSetContextThread
NtWriteVirtualMemory
NtUnmapViewOfSection
NtWaitForSingleObject
NtTerminateProcess
NtResumeThread
NtReadVirtualMemory

d3d9

Direct3DCreate9

crypt32

CryptUnprotectData
CryptStringToBinaryA

ole32

CoGetObjectContext
CoGetApartmentType

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8211d4eaf78371dddb4ac3c5ef3e3a84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

ntdll

d3d9

crypt32

ole32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 203KB - Virtual size: 202KB

.data Size: 26KB - Virtual size: 35KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 54KB - Virtual size: 54KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 203KB - Virtual size: 202KB

.data
Size: 26KB - Virtual size: 35KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 54KB - Virtual size: 54KB