Control
FreeBuffer
Release
Start
Static task
static1
1 signatures
General
-
Target
2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65.zip
-
Size
92KB
-
MD5
d3d0be3373e954d550e93822a6619eee
-
SHA1
a71291bd96edca3b44a429922a0f2c2a488a0a96
-
SHA256
067c036cbf52b713cf9cc6339713c48c2e09ff0b52516f715cccde88ffb58a36
-
SHA512
6fb78051e44645d23a83c79dfd17ae0e563e024be6d19058b67fd71b45e01f94ba3d0e3ee4046684ad23e07409a87691a044394191be3015a55d62e0c530909c
-
SSDEEP
1536:qnWdasY4T3oKMZrxbomQnP9x5TbKfKeZUIrCAKnM2HavyzOCfykRMlE/Es:qUJTkZtbC9x5TJgUiC1nzHkyaCfxRMlM
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65.exe
Files
-
2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65.zip.zip
Password: infected
-
2828fabf3937d88b85183664c9019c4639776ba7c2322f48e4957108ef07ed65.exe.dll windows:6 windows x64 arch:x64
818152acf9b9745a10910998c6f4cf34
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
advapi32
CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid
shell32
ord680
Exports
Exports
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 216B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ