SPF9139[.]Setup[.]bin[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SPF9139.Setup.bin.zip
Size

5.4MB
MD5

fdc28733410fcc52ba3694cbdaa74ec8
SHA1

81ad674362ceb8bd316467d97b43bb64b818a289
SHA256

907462dbfb378506e359aa4738fdeeea493a2e8a582f627a6262d934ab7d5a79
SHA512

c4f24096783869f4d14cf87a1f030468ac2e14d256032ffb23f177a192f859454320c7c9a47a9aea425d82a546a2d96f50f8095a5172a80223b928bbd49cab85
SSDEEP

98304:o9Z2F6Wb6nf1kjHxSQjF3T+ewKOztZ+89Cs7IQ5OzG/V3nQOfpssw/wvfq:oiF6WunfSHIyMlfz7+HqnN3Tfn3q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SPF9139.Setup.bin

Files

SPF9139.Setup.bin.zip
.zip

Password: infected
SPF9139.Setup.bin
.exe windows:5 windows x86 arch:x86

Password: infected

b3797f7cdade62004d38bfe486cbeb84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

timeGetTime

d3d9

Direct3DCreate9

winspool.drv

GetPrinterW

comdlg32

PrintDlgW

comctl32

ImageList_Add

shell32

ShellExecuteW

user32

GetDC

version

VerQueryValueW

oleaut32

VariantInit

advapi32

RegEnumKeyW

netapi32

NetWkstaGetInfo

msvcrt

memcmp

shfolder

SHGetFolderPathW

ole32

OleDraw

gdi32

Pie

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 1.4MB - Virtual size: 14.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE