4af18b2314609db33db030b963aa1d9a43cbb627472ed8f9235ef476236ad7b6[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

4af18b2314609db33db030b963aa1d9a43cbb627472ed8f9235ef476236ad7b6.zip
Size

131KB
MD5

8fbeb442a9b25c66bacd9563849893d1
SHA1

7201a82c626934abf96f18d32ea935a7c251202a
SHA256

7b94f6cb88ce31f3e2eefb13c98ca9ae82548dc89549d67dcf842ec6b9367a49
SHA512

466c57beae001265ae64240116daf6a03006d05d70a9f5ddf5ef771dbeaa91c85e53ada344abe1782ca3aa9dda73ffc52ed8ec553a55b0c7596289939a523842
SSDEEP

1536:uLmcjzj57ZUNPxGVTYDtDxQCGa2f638aMmnJ+a+133Vi5at50HcXRNVj04AUh0B+:ujXjUPSMDCann4aatVNt0rWZCIkK9Iif

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4af18b2314609db33db030b963aa1d9a43cbb627472ed8f9235ef476236ad7b6

Files

4af18b2314609db33db030b963aa1d9a43cbb627472ed8f9235ef476236ad7b6.zip
.zip

Password: infected
4af18b2314609db33db030b963aa1d9a43cbb627472ed8f9235ef476236ad7b6
.dll windows:5 windows x64 arch:x64

3de81f2ec8c841a20c72cc6358c883ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
GetTempPathA
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
ExitProcess
GetModuleFileNameA
DisableThreadLibraryCalls
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetLastError
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
GetModuleHandleW
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
MultiByteToWideChar
WriteFile
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapSize
GetStringTypeW

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3de81f2ec8c841a20c72cc6358c883ca

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 96KB - Virtual size: 100KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 96KB - Virtual size: 100KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB