Static task: static1
Behavioral task: behavioral1
Sample: 5ee97500f118f838e694da167e6f3a501869de13465d36fd92994cf992540ecb.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 5ee97500f118f838e694da167e6f3a501869de13465d36fd92994cf992540ecb.exe
Resource: win10v2004-20231215-en
General
Target: 14019288482.zip
Size: 1.3MB
MD5: 2a82ab8f89156a7514d933b5183aa2e9
SHA1: 6b7a65bc937cb131c234ed16b494e481648b8bce
SHA256: 497e6162ce3cc593eb5edbffbc35910ff9e013f3b3912b2f0fbbfe8f76a0ca3e
SHA512: 4e6e7669789bcdff168020535b8acf2e6838b78e6bff687234b22d90b8a7724944c5a42c4d18acce9a6e65e8a73810369d17835c46ef045131f50afd6b2241bd
SSDEEP: 24576:tFNgcEHfu8qj35llBcCi+z4ccDxmuINiqqV2erGvr7TRLTQITrJ6iB:uW8qTfrcU0HxjINb7sGvnT2IoiB
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource unpack001/5ee97500f118f838e694da167e6f3a501869de13465d36fd92994cf992540ecb
Files
14019288482.zip.zip (Password: infected)
5ee97500f118f838e694da167e6f3a501869de13465d36fd92994cf992540ecb.exe windows:4 windows x86 arch:x86
18e18edb5ba88a9ee162e64c1354daa8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CharUpperW
GetSystemMenu
GetMenuItemCount
GetMenuItemID
EnableMenuItem
EnableWindow
ShowWindow
IsWindow
FindWindowA
CharUpperA
SendMessageA
LoadStringA
GetDlgItem
MessageBoxA
PostMessageA
CharNextA
oleaut32
VariantClear
SysFreeString
SysAllocString
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
shlwapi
PathFindFileNameA
StrStrIA
PathAppendW
PathFindFileNameW
StrStrIW
PathRemoveExtensionA
PathAppendA
kernel32
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsBadCodePtr
SetStdHandle
GetStringTypeW
FlushFileBuffers
LCMapStringW
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
IsBadReadPtr
FreeEnvironmentStringsA
VirtualQuery
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
GetStringTypeA
HeapSize
TerminateProcess
ExitProcess
TlsGetValue
TlsSetValue
TlsFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
GetPrivateProfileIntA
GetModuleFileNameA
SetUnhandledExceptionFilter
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
SuspendThread
GetProcAddress
GetModuleHandleA
RaiseException
CreateFileA
FreeLibrary
LoadLibraryA
GetLocalTime
GetFileAttributesA
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetLastError
WaitForSingleObject
lstrlenA
lstrcatA
GetStartupInfoA
SizeofResource
LoadResource
FindResourceA
GetTempPathA
CreateFileW
GetTempPathW
VirtualProtect
CreateDirectoryA
lstrcpynA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
FindFirstFileA
Sleep
GetPrivateProfileStringA
MoveFileA
OutputDebugStringA
GetTickCount
GetDiskFreeSpaceA
lstrcpyA
ReleaseMutex
CreateThread
GetCommandLineA
CreateMutexA
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
VirtualAlloc
VirtualFree
DeleteCriticalSection
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SetFileTime
SetLastError
SetFileAttributesW
CreateDirectoryW
DeleteFileW
FindFirstFileW
SetEndOfFile
GetSystemInfo
RtlUnwind
HeapFree
HeapReAlloc
HeapAlloc
ExitThread
GetOEMCP
GetCPInfo
TlsAlloc
Sections
.text Size: 124KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 800KB - Virtual size: 798KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ