8479398300a4a61d938d5ffbfc4c1e2e80416a0bf2dc6c978fc0e8e4f3eaa91a[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

8479398300a4a61d938d5ffbfc4c1e2e80416a0bf2dc6c978fc0e8e4f3eaa91a.exe.zip
Size

2.9MB
MD5

d7f89aa66bcd13be8e7fde2c3451f54b
SHA1

535dcde5d24f5e8a8919444f2ba6fd627da0465a
SHA256

fe4a160f49ce7f2581ca125e80a928bcd7a931c5593af1130e6657e38e95a424
SHA512

57971bfab3542d78fa6bc7043d30a8bbb41d08041ce082177b3ec97f491d13caa58f6e44551c4217e7b1731fd0ceec4861e74fa270ed3078f9de2dd2d3f47adf
SSDEEP

49152:an1T5sPKVuAV4tMkByCmDndzfmczc4gAONy9kzEcGTKjAfUXXmE0S8KVEmkCP/zF:61T5sPKKtZXznmWEcGe0fUX23YETU/HB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8479398300a4a61d938d5ffbfc4c1e2e80416a0bf2dc6c978fc0e8e4f3eaa91a.exe

Files

8479398300a4a61d938d5ffbfc4c1e2e80416a0bf2dc6c978fc0e8e4f3eaa91a.exe.zip
.zip

Password: infected
8479398300a4a61d938d5ffbfc4c1e2e80416a0bf2dc6c978fc0e8e4f3eaa91a.exe
.exe windows:5 windows x86 arch:x86

b644ebb2ccbd9e5e3e442a399d02d1c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

powerdatarecoverycore

??1KMemoryPool@@UAE@XZ

ikernel

klog_log

qt5core

?qrand@@YAHXZ

qt5gui

??1QPen@@QAE@XZ

qt5widgets

??1QMenu@@UAE@XZ

qt5network

??1QSslError@@QAE@XZ

user32

GetDC

gdi32

DeleteDC

advapi32

RegCloseKey

shell32

ord155

ole32

OleRun

oleaut32

SafeArrayCreateVector

msvcr120

rand

msvcp120

?_BADOFF@std@@3_JB

propsys

PSGetPropertyKeyFromName

mpr

WNetCloseEnum

libeay32

ord340

libcurl

curl_easy_init

Sections

.MPRESS1
Size: 2.8MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

b644ebb2ccbd9e5e3e442a399d02d1c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

powerdatarecoverycore

ikernel

qt5core

qt5gui

qt5widgets

qt5network

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcr120

msvcp120

propsys

mpr

libeay32

libcurl

Sections

.MPRESS1 Size: 2.8MB - Virtual size: 6.1MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 182KB - Virtual size: 181KB

.MPRESS1
Size: 2.8MB - Virtual size: 6.1MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 182KB - Virtual size: 181KB