ddc8b938a1c1a5c269eeda64bdb429f4c4fd8204440231faec120478ca6a8fab[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ddc8b938a1c1a5c269eeda64bdb429f4c4fd8204440231faec120478ca6a8fab.exe.zip
Size

16.4MB
MD5

4aabc7b3ee43a971a98c3a14643ebc7c
SHA1

6c9f13034fc8444c4b41027aea7d6d8d403c33de
SHA256

ba51b7c83e9464c31b0ce1927fae220c16777cfa039e0a972738f7a4e1e4ddfb
SHA512

fd606bbe18dc8984b5bf55d6a3381bed2fb3e756f351b40fe67cf7226a4b39bfe8afa52c89f48ea089fc6d867b6329eb652fc8caa7a43521a6f5b7b6a0524f82
SSDEEP

393216:geljYp7Dv9Q3sMr/Eegah85dQFvtTMTSRNY72fdIK9KB:zY/lssMjEeZ85dQBeSRA2r+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ddc8b938a1c1a5c269eeda64bdb429f4c4fd8204440231faec120478ca6a8fab.exe

Files

ddc8b938a1c1a5c269eeda64bdb429f4c4fd8204440231faec120478ca6a8fab.exe.zip
.zip

Password: infected
ddc8b938a1c1a5c269eeda64bdb429f4c4fd8204440231faec120478ca6a8fab.exe
.exe windows:6 windows x86 arch:x86

e51ee40ae0ed0decdf850b45dd7e4ce6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
lstrlenA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
ExpandEnvironmentStringsA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
CompareStringA
GetVersion
GetModuleHandleW
FreeResource
LockResource
LoadResource
SizeofResource
CloseHandle
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
SetCurrentDirectoryA
GetTempFileNameA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
ExitProcess
LoadLibraryExA
GetVersionExA
GetExitCodeProcess
GetProcAddress
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
FindResourceA
LoadLibraryA
FreeLibrary
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
RtlUnwind
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
WaitForSingleObject

gdi32

GetDeviceCaps

user32

SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
GetDC
ReleaseDC
SetWindowPos
SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DispatchMessageA
CallWindowProcA
GetWindowLongA
SetWindowLongA
CharPrevA
CharUpperA
CharNextA
ExitWindowsEx
EndDialog
GetDesktopWindow
LoadStringA
SetDlgItemTextA
MessageBeep
GetWindowRect
GetSystemMetrics

msvcrt

_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
__getmainargs
memcpy
memset
_vsnprintf

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.4MB - Virtual size: 16.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

e51ee40ae0ed0decdf850b45dd7e4ce6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

version

Sections

.text Size: 43KB - Virtual size: 42KB

.data Size: 1KB - Virtual size: 8KB

.rsrc Size: 16.4MB - Virtual size: 16.4MB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 43KB - Virtual size: 42KB

.data
Size: 1KB - Virtual size: 8KB

.rsrc
Size: 16.4MB - Virtual size: 16.4MB

.reloc
Size: 3KB - Virtual size: 3KB