g_win32_run_session_bus@16
Static task: static1
Behavioral task: behavioral1
  Sample: 0c441f2da164713e412a155f27897b942aa612c95547a9663f85a9aa9a19d5f6.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 0c441f2da164713e412a155f27897b942aa612c95547a9663f85a9aa9a19d5f6.exe
  Resource: win10v2004-20231215-en
General
Target: 0c441f2da164713e412a155f27897b942aa612c95547a9663f85a9aa9a19d5f6.exe.zip
Size: 6.7MB
MD5: 7a1680d738d4dc8fca852d14f7674a73
SHA1: 75afa3d547710315ca794ce1f2491c73b3ea5cd9
SHA256: 0232212963b94d84701d929f1fa537aab8a2dfe289d2aaeba165a9fcb27e985c
SHA512: 44ce4b670faa12ae2e7f1ad02fabc911b8899cba5bdfcd616019aeda1d5288258b0ed24d5e1e657523aa415193099a30b25156d1294866e0357b89c53cb836cd
SSDEEP: 196608:TziZnM8x2YlFvzf8RZjrYxe/xizLWj0ClXTE:TOtM8xhhfAJYYxyA0cXTE
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: unpack001/0c441f2da164713e412a155f27897b942aa612c95547a9663f85a9aa9a19d5f6.exe
Files
0c441f2da164713e412a155f27897b942aa612c95547a9663f85a9aa9a19d5f6.exe.zip.zip (Password: infected)
0c441f2da164713e412a155f27897b942aa612c95547a9663f85a9aa9a19d5f6.exe.exe  windows:4  windows x86  arch:x86
eeebd8fd80045deb0c2a8d73eee49992
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
ConvertSidToStringSidA
GetCurrentHwProfileA
GetFileSecurityW
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetTokenInformation
GetUserNameW
IsValidSid
LookupAccountSidW
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
comctl32
CreatePropertySheetPageW
comdlg32
PageSetupDlgW
PrintDlgExW
dnsapi
DnsQuery_A
DnsRecordListFree
gdi32
AddFontMemResourceEx
Arc
BeginPath
BitBlt
CloseEnhMetaFile
CloseFigure
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCW
CreateDIBSection
CreateEnhMetaFileW
CreateFontIndirectA
CreateFontIndirectW
CreatePalette
CreatePatternBrush
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
EndPath
EnumFontFamiliesExW
ExtCreatePen
ExtCreateRegion
ExtEscape
ExtSelectClipRgn
ExtTextOutW
FillPath
GdiFlush
GdiSetBatchLimit
GetBitmapDimensionEx
GetCharWidth32A
GetClipBox
GetClipRgn
GetCurrentObject
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetFontData
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineA
GetGlyphOutlineW
GetGraphicsMode
GetNearestColor
GetNearestPaletteIndex
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetPaletteEntries
GetRegionData
GetRgnBox
GetStockObject
GetTextCharsetInfo
GetTextExtentPoint32W
GetTextFaceA
GetTextMetricsA
GetWorldTransform
IntersectClipRect
LineTo
MaskBlt
ModifyWorldTransform
MoveToEx
OffsetClipRgn
OffsetRgn
PatBlt
Pie
PolyBezierTo
Polygon
Polyline
RealizePalette
Rectangle
RemoveFontMemResourceEx
ResetDCW
ResizePalette
RestoreDC
SaveDC
SelectClipPath
SelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetDIBColorTable
SetGraphicsMode
SetMapMode
SetMiterLimit
SetPaletteEntries
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextColor
SetWorldTransform
StartDocW
StartPage
StretchDIBits
StrokePath
TextOutW
TranslateCharsetInfo
UpdateColors
WidenPath
imm32
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionStatus
ImmGetOpenStatus
ImmIsIME
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetOpenStatus
kernel32
AllocConsole
Beep
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateProcessW
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
EnumResourceLanguagesA
EnumSystemLocalesA
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfoExA
GetComputerNameA
GetConsoleCursorInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDrives
GetLongPathNameA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetShortPathNameW
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathA
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetVersion
GetVersionExA
GetVolumeInformationW
GetVolumePathNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAlloc
GlobalFree
GlobalGetAtomNameA
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
Module32First
Module32Next
MoveFileExW
MulDiv
MultiByteToWideChar
OpenFileMappingA
PeekConsoleInputA
PeekNamedPipe
ReadConsoleInputA
ReadDirectoryChangesW
ReadFile
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetConsoleTitleW
SetEnvironmentVariableW
SetEvent
SetFilePointer
SetLastError
SetThreadLocale
SetUnhandledExceptionFilter
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WriteFile
msvcrt
_access
_chmod
_close
_dup
_fdopen
_fstat
_getcwd
_getpid
_lseek
_open
_read
_rmdir
_stat
_strdup
_unlink
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_assert
_beginthreadex
_cexit
_chsize
_close
_endthreadex
_errno
_fdopen
_filbuf
_findclose
_findfirst
_findnext
_flsbuf
_fstati64
_fullpath
_get_osfhandle
_getch
_hypot
_iob
_isctype
_kbhit
_lseek
_lseeki64
_mbsrchr
_mkdir
_onexit
_open_osfhandle
_osver
_pctype
_pipe
_setjmp
_setmode
_snprintf
_stat
_stati64
_strdup
_stricmp
_strnicmp
_vsnprintf
_vsnwprintf
_waccess
_wchdir
_wchmod
_wcreat
_wfindfirst
_wfindnext
_wfopen
_wfreopen
_wfullpath
_wmkdir
_wopen
_wputenv
_wremove
_wrmdir
_wspawnv
_wspawnve
_wspawnvp
_wspawnvpe
_wstat
_wstati64
_wunlink
_wutime
abort
acos
atan2
atexit
atof
atoi
atol
bsearch
calloc
ceil
cos
ctime
exit
exp
fclose
fflush
fgets
floor
fmod
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen
frexp
fscanf
fseek
ftell
fwrite
getenv
getwc
gmtime
iswctype
isxdigit
ldiv
localeconv
localtime
log
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
modf
perror
pow
printf
putchar
puts
putwc
qsort
raise
rand
realloc
rename
rewind
setlocale
setvbuf
signal
sin
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcoll
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtod
strtol
strtoul
strxfrm
swscanf
system
tan
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vfwprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncpy
wcsrchr
wcstombs
wcsxfrm
msimg32
GradientFill
ole32
CoCreateInstance
CoInitialize
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleInitialize
OleUninitialize
RegisterDragDrop
shell32
DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileW
DragQueryPoint
ExtractIconExA
ExtractIconExW
SHAppBarMessage
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
shlwapi
AssocQueryKeyW
AssocQueryStringW
user32
AdjustWindowRectEx
BeginPaint
CallWindowProcA
ChangeClipboardChain
ChildWindowFromPoint
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CopyIcon
CountClipboardFormats
CreateCursor
CreateIconIndirect
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnableMenuItem
EnableWindow
EndPaint
EnumClipboardFormats
EnumDisplayMonitors
EnumWindows
FillRect
FlashWindow
GetActiveWindow
GetAncestor
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetClipboardOwner
GetCursor
GetCursorPos
GetDC
GetDesktopWindow
GetDialogBaseUnits
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetMessagePos
GetMessageTime
GetMonitorInfoA
GetParent
GetProcessWindowStation
GetQueueStatus
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetUpdateRgn
GetUserObjectInformationA
GetWindow
GetWindowLongA
GetWindowLongW
GetWindowRect
GetWindowRgn
InSendMessage
InvalidateRect
InvalidateRgn
IsIconic
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadImageA
MapVirtualKeyA
MessageBeep
MessageBoxA
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClassExW
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
ScreenToClient
ScrollDC
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetParent
SetRect
SetRectEmpty
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowOwnedPopups
ShowWindow
SystemParametersInfoA
ToAsciiEx
ToUnicode
ToUnicodeEx
TrackMouseEvent
TranslateMessage
UnregisterClassA
UpdateWindow
ValidateRgn
WindowFromPoint
usp10
ScriptFreeCache
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptPlace
ScriptShape
winmm
timeGetTime
winspool.drv
ClosePrinter
GetDefaultPrinterW
GetJobW
GetPrinterW
OpenPrinterW
ws2_32
WSAAddressToStringA
WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetEvent
WSAStartup
WSAStringToAddressA
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getpeername
getservbyname
getsockname
getsockopt
htons
ioctlsocket
listen
recv
select
send
setsockopt
shutdown
socket
Exports
Sections
.text   Size: 9.9MB - Virtual size: 9.9MB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data   Size: 92KB - Virtual size: 91KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 3.7MB - Virtual size: 3.7MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
/4      Size: 2.2MB - Virtual size: 2.2MB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss    Size: - Virtual size: 31KB          Flags: IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata  Size: 512B - Virtual size: 84B      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata  Size: 19KB - Virtual size: 19KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT    Size: 512B - Virtual size: 24B      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls    Size: 512B - Virtual size: 32B      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 483KB - Virtual size: 483KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ