6ba640506907c8be2f5efc8c961644e1ca1a756a76cb72e59ed03027cddfcc3b[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

6ba640506907c8be2f5efc8c961644e1ca1a756a76cb72e59ed03027cddfcc3b.exe.zip
Size

4.1MB
MD5

00e03ed96c65beac3775f5e9f05ac15b
SHA1

8d7f35262209115cacf776fe79ef4e58bf6f6783
SHA256

3ffdbf4a51306e4dd88c22d377fab3de01e962fe5a2f1e3ee72e0117f56f7ba0
SHA512

aa5435ab1c1230c255ac7d342622a4fd3ddc33fdd7e62b6ba939466a0611037045498278dfe9b5997e369262176212a03394093972e5bd0aaf11592fd83e73d5
SSDEEP

98304:Nufz0C+SrsVL1WOOD2PdqY4okRWWaQM67ARIndMXy:k4ws1nODWdtWU6cRInai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6ba640506907c8be2f5efc8c961644e1ca1a756a76cb72e59ed03027cddfcc3b.exe

Files

6ba640506907c8be2f5efc8c961644e1ca1a756a76cb72e59ed03027cddfcc3b.exe.zip
.zip

Password: infected
6ba640506907c8be2f5efc8c961644e1ca1a756a76cb72e59ed03027cddfcc3b.exe
.exe windows:5 windows x86 arch:x86

10b0dc84e56cfb31ea1d34d9b90b705c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetForegroundWindow
MessageBoxA
ExitWindowsEx
EnumWindows
IsIconic
ShowWindow
MessageBoxW
GetLastActivePopup
IsWindowVisible
GetWindowThreadProcessId
MonitorFromPoint

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoInitializeEx
GetHGlobalFromStream
CoUninitialize

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringA
SetStdHandle
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTimeZoneInformation
GetLocaleInfoA
CompareStringA
CompareStringW
SetEndOfFile
WriteConsoleA
CreateProcessA
SetEnvironmentVariableW
LCMapStringW
HeapCreate
HeapReAlloc
GetLastError
CreateFileW
SetFilePointer
WriteFile
ReadFile
GetProcAddress
LoadLibraryA
GetUserDefaultLCID
CloseHandle
CreateFileA
CreateDirectoryA
FlushFileBuffers
WriteConsoleW
GetFileType
GetStdHandle
GetLongPathNameW
ExitProcess
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
MultiByteToWideChar
AreFileApisANSI
FindFirstFileW
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
SetHandleInformation
CreatePipe
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GetCurrentProcessId
GetLongPathNameA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetTempPathA
GetEnvironmentVariableW
GetTempPathW
GetTempFileNameA
GetFullPathNameW
GetFullPathNameA
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetConsoleOutputCP
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
GetProcessHeap
SetEnvironmentVariableA
SearchPathA
GetSystemTimeAsFileTime
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
GetMailslotInfo
CreateThread
CreateMailslotA
GetCommandLineW
CreateSemaphoreA
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
GlobalUnlock
GlobalSize
GlobalLock
GetTickCount
AllocConsole
GetModuleHandleA
LoadLibraryExA
SetCurrentDirectoryW
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
CreateDirectoryW
RemoveDirectoryW
HeapAlloc
HeapFree
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetConsoleCP
GetConsoleMode
DeleteCriticalSection
SetHandleCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
VirtualAlloc

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

10b0dc84e56cfb31ea1d34d9b90b705c

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

ole32

kernel32

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 7KB - Virtual size: 67KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 67KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 10KB