320b7a3edd04fb89681ab214f5f85f9aa922e0b6cbb9fd8fb9555c38b2e9f344[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

320b7a3edd04fb89681ab214f5f85f9aa922e0b6cbb9fd8fb9555c38b2e9f344.exe.zip
Size

8.9MB
MD5

463049b46a7d50fe8921ea8f86324f38
SHA1

41b1f264008672c16f75f2e132ef5791d96b3944
SHA256

b86527c85baa9cd3c301c4fe29eb74d541dc541514b86cfe04006d36af9bd4d7
SHA512

e7493c1302d30ea3938e3981ef0dd35f934821637dc9c3b8c5eaac91cd4d85becc1c236efd8038bf4c5c0bf545a3c250973abaf92280265cfe58b2e2f554c8d2
SSDEEP

196608:UlpWT0wpt+jAMYyhhzQkzdgD8xJh7RWzXiIIOaMKzObhCW+b90yp2AslgD3:UlptVjA/8zdhJrWzXClMKK6i8D3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/320b7a3edd04fb89681ab214f5f85f9aa922e0b6cbb9fd8fb9555c38b2e9f344.exe

Files

320b7a3edd04fb89681ab214f5f85f9aa922e0b6cbb9fd8fb9555c38b2e9f344.exe.zip
.zip

Password: infected
320b7a3edd04fb89681ab214f5f85f9aa922e0b6cbb9fd8fb9555c38b2e9f344.exe
.exe windows:5 windows x86 arch:x86

a701c3eb70c6acc8ebde17700af52c8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetDlgItemTextA
SetWindowTextA
DialogBoxParamA
EndDialog
GetDlgItem
DefDlgProcA
LoadIconA
LoadCursorA
RegisterClassA
SendDlgItemMessageA
ExitWindowsEx
EnumWindows
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
IsWindowVisible
GetWindowThreadProcessId
FindWindowA
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
MessageBoxA
MessageBoxW

advapi32

RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW

comctl32

ord17

comdlg32

GetOpenFileNameW

kernel32

GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
GetFileAttributesW
GetTimeZoneInformation
SetEnvironmentVariableA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
WriteConsoleA
SetStdHandle
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEndOfFile
LoadLibraryW
CreateFileW
SetFilePointer
GetLastError
WriteFile
ReadFile
GetProcAddress
LoadLibraryA
GetUserDefaultLCID
CloseHandle
CreateDirectoryW
GetLongPathNameW
ExitProcess
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
FindFirstFileA
CreateFileA
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GetWindowsDirectoryA
GetLongPathNameA
GetEnvironmentVariableA
GetTempPathA
GetWindowsDirectoryW
GetEnvironmentVariableW
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetFullPathNameW
GetFullPathNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetConsoleOutputCP
GetCurrentProcessId
DuplicateHandle
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetProcessHeap
SetEnvironmentVariableW
SearchPathW
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
CreateSemaphoreA
DeleteFileA
GetCommandLineW
Sleep
SizeofResource
LockResource
LoadResource
FindResourceA
SetConsoleTitleA
GetTickCount
GetConsoleTitleA
AllocConsole
GetModuleHandleA
CreateDirectoryA
SetCurrentDirectoryW
SetThreadPriority
CreateThread
GetCurrentDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
RemoveDirectoryA
HeapAlloc
HeapFree
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleW
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

a701c3eb70c6acc8ebde17700af52c8b

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

comctl32

comdlg32

kernel32

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 7KB - Virtual size: 96KB

.rsrc Size: 29KB - Virtual size: 29KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 7KB - Virtual size: 96KB

.rsrc
Size: 29KB - Virtual size: 29KB

.reloc
Size: 11KB - Virtual size: 11KB