b602d9c79437e7ebb2bb5b6857bf484dd6d960ee05fb682e41a43114837d1fd8[.]zip

Resubmissions

04/01/2024, 03:51

240104-eellbsgceq 3

04/01/2024, 03:42

240104-d9t1hsgbfp 3

Sharing

Copy URL Twitter E-mail

General

Target

b602d9c79437e7ebb2bb5b6857bf484dd6d960ee05fb682e41a43114837d1fd8.zip
Size

17KB
MD5

781c0d4abde1d1430ac12488fc358340
SHA1

0d216d5ee30b3c00b457461002ce1d7ba3606dde
SHA256

f19969c96f801649ead5aed772e748c5eabe8504bc0a8ba96b09829d8afd7530
SHA512

6c3318680a6eba4e5721714d533a5b8757fdfed51744c07b71de426aa39282bcc257c32df04097a4df518243c219f6f31e226dcf1a7020f7b49549c3b4ab6190
SSDEEP

384:lU6BeKwaajEDsiCR93cDqOMZuissT+5dLCjUcV+q80LcYYeaeaOzyITIZkPTZ:cKqjEwx93c+CisQSZy+dYcYYeKOfl9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/replay.exe

Files

b602d9c79437e7ebb2bb5b6857bf484dd6d960ee05fb682e41a43114837d1fd8.zip
.zip

Password: infected
replay.exe
.exe windows:4 windows x86 arch:x86

867154328e8b682181c5adf161c84834

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

olecli32

BmQueryBounds
BmRelease
BmSaveToStream
CheckNetDrive
ConnectDlgProc
DefCreate
DefCreateFromClip
DefCreateFromFile
DefCreateFromTemplate
DefCreateInvisible
DefLoadFromStream
DibChangeData
DibClone
DibCopy
DibDraw
DibEnumFormat

pdh

PdhCreateSQLTablesW
PdhEnumLogSetNamesA
PdhEnumLogSetNamesW
PdhEnumMachinesA
PdhEnumMachinesHA
PdhEnumMachinesHW
PdhEnumMachinesW
PdhEnumObjectItemsA
PdhEnumObjectItemsHA
PdhEnumObjectItemsHW
PdhEnumObjectItemsW
PdhEnumObjectsA
PdhEnumObjectsHA
PdhEnumObjectsHW
PdhEnumObjectsW
PdhExpandCounterPathA
PdhCreateSQLTablesW
PdhEnumLogSetNamesA
PdhEnumLogSetNamesW
PdhEnumMachinesA
PdhEnumMachinesHA
PdhEnumMachinesHW
PdhEnumMachinesW
PdhEnumObjectItemsA
PdhEnumObjectItemsHA
PdhEnumObjectItemsHW
PdhEnumObjectItemsW
PdhEnumObjectsA
PdhEnumObjectsHA
PdhEnumObjectsHW
PdhEnumObjectsW
PdhExpandCounterPathA
PdhCreateSQLTablesW
PdhEnumLogSetNamesA
PdhEnumLogSetNamesW
PdhEnumMachinesA
PdhEnumMachinesHA
PdhEnumMachinesHW
PdhEnumMachinesW
PdhEnumObjectItemsA
PdhEnumObjectItemsHA
PdhEnumObjectItemsHW
PdhEnumObjectItemsW
PdhEnumObjectsA
PdhEnumObjectsHA
PdhEnumObjectsHW
PdhEnumObjectsW
PdhExpandCounterPathA

mpr

WNetGetLastErrorA
WNetGetLastErrorW

msvcrt

fread
fopen

netapi32

DsGetDcNameWithAccountA
DsGetDcNameWithAccountA
DsGetDcNameWithAccountA
DsGetDcNameWithAccountA
DsGetDcNameWithAccountA
DsGetDcNameWithAccountA
DsGetDcNameWithAccountA
DsGetDcNameWithAccountA
DsGetDcCloseW
DsGetDcNameA
DsGetDcNameW
DsGetDcNameWithAccountA
DsGetDcNameWithAccountW
DsGetDcNextA
DsGetDcNextW

kernel32

QueryDosDeviceA
GetVersionExW
MulDiv
EnumCalendarInfoW
GetACP
GetCommConfig
GetCommState
GetCommandLineA
GetWindowsDirectoryA

psapi

EnumProcesses

imm32

ImmEscapeA

mfcsubs

??1CObject@@UAE@XZ
??1CString@@QAE@XZ
??1CStringArray@@UAE@XZ
??1CSyncObject@@UAE@XZ
??4CPlex@@QAEAAU0@ABU0@@Z
??4CString@@QAEABV0@ABV0@@Z
??4CString@@QAEABV0@D@Z
??4CString@@QAEABV0@G@Z
??4CString@@QAEABV0@PBD@Z
??4CString@@QAEABV0@PBE@Z
??4CString@@QAEABV0@PBG@Z
??8@YG_NABVCString@@0@Z
??8@YG_NABVCString@@PBG@Z
??8@YG_NPBGABVCString@@@Z
??9@YG_NABVCString@@0@Z
??9@YG_NABVCString@@PBG@Z
??9@YG_NPBGABVCString@@@Z

mlang

ConvertINetString
ConvertINetString

msdart

??1CCritSec@@QAE@XZ
??1CCritSec@@QAE@XZ

mapi32

BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
cmc_free
cmc_list
cmc_logoff
cmc_logon
cmc_look_up
cmc_query_configuration
cmc_read
cmc_send
cmc_send_documents

Sections

.code
Size: 2KB - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rSRC
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.neolit
Size: 512B - Virtual size: 480B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

867154328e8b682181c5adf161c84834

Headers

File Characteristics

Imports

olecli32

pdh

mpr

msvcrt

netapi32

kernel32

psapi

imm32

mfcsubs

mlang

msdart

mapi32

Sections

.code Size: 2KB - Virtual size: 11KB

.data Size: 10KB - Virtual size: 80KB

rSRC Size: 29KB - Virtual size: 32KB

.reloc Size: 512B - Virtual size: 1KB

.neolit Size: 512B - Virtual size: 480B

.code
Size: 2KB - Virtual size: 11KB

.data
Size: 10KB - Virtual size: 80KB

rSRC
Size: 29KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 1KB

.neolit
Size: 512B - Virtual size: 480B