21dad31a0deead9cdb4fb29d964e84a8

Sharing

Copy URL Twitter E-mail

General

Target

21dad31a0deead9cdb4fb29d964e84a8
Size

444KB
MD5

21dad31a0deead9cdb4fb29d964e84a8
SHA1

f4b2bcf7843d34cd72901c5e0341900ef25d194e
SHA256

68ed0d12de5902280adcb913c1c38fdffb0f16a0e73644c4b08f7a9c3ceb7b04
SHA512

41ee0e41e8b53785c9deeaab0107efab3191ae9d6d4fb451c9bbb07e8b13de356c9e2e3c5e679ef693273efb384db5d770c20797df7ee9411836924d70af09e2
SSDEEP

6144:zvmuG9HFVLcJCIA8+Oc7zLfYpMUBtiP/0ya33JDaULy1K2byyAwFdwmYJDUGp7tV:6uO4lc7PSM/hanJxPpyVzYTBtP3hb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/rocklee36001.exe

Files

21dad31a0deead9cdb4fb29d964e84a8
.eml
banca linea 3945.rar
.rar
rocklee36001.exe
.exe windows:6 windows x86 arch:x86

457e32d3dd9c9bc4442beae8353acab7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageW
VirtualProtect
CreateFileW
CloseHandle
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SetFilePointerEx
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
LCMapStringW
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
WriteConsoleW

user32

MessageBoxW
GrayStringA
GetDC
TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
PostQuitMessage
UnregisterClassW
RegisterClassExW
CreateWindowExW
ShowWindow
SetCapture
ReleaseCapture
LoadImageW
LoadCursorW
SetWindowLongW
GetWindowLongW
AdjustWindowRect
UpdateWindow

d3d11

D3D11CreateDeviceAndSwapChain

gdiplus

GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt

Sharing

General

Malware Config

Signatures

Files

457e32d3dd9c9bc4442beae8353acab7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

d3d11

gdiplus

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 246KB - Virtual size: 246KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 28KB - Virtual size: 28KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 246KB - Virtual size: 246KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 28KB - Virtual size: 28KB