Backdoor[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Backdoor.zip
Size

41KB
MD5

2a921a0700e9c1c304421d0626da76d8
SHA1

eb537eded51b218a44f03035f6af5f04accadd20
SHA256

546557e4edb59377b485ba4e49d1c35ae2f3a2b9566d0161f67edad73be5c68f
SHA512

26c8624bb1054da22ccfaeea8fa683375fc78152f46200cbb159eb03867c253fa6aec2adb3f00eb774fceecf827dccbc6304bd55f644f92dc0a92256fd7320e2
SSDEEP

768:ixONuKhl3QRE6Wz042UjjZ5uU/Th6p1IRM20veUJDJ7Q74:IJKhBX6Wz32U3PXTh6jUM20veyQ74

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1 (1).exe
unpack001/1 (2).exe

Files

Backdoor.zip
.zip

Password: infected
1 (1).exe
.exe windows:4 windows x86 arch:x86

Password: infected

8b9495644903303348c1423aa15e786a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4079
ord1849
ord4244
ord2583
ord4589
ord4899
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord1776
ord4403
ord5240
ord5290
ord3748
ord1726
ord4432
ord303
ord813
ord800
ord5253
ord3998
ord4723
ord2535
ord1942
ord4272
ord4588
ord4370
ord4892
ord4532
ord5259
ord3399
ord3734
ord384
ord686
ord3571
ord4000
ord2862
ord1641
ord1146
ord2096
ord3626
ord3663
ord2414
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord794
ord674
ord554
ord529
ord527
ord366
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord2252
ord5252
ord1133
ord3481
ord3797
ord4284
ord1576
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4610
ord4612
ord4615
ord4613
ord825
ord1168

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
__p__commode
_onexit
__dllonexit
malloc
_setmbcp
__p__fmode
_controlfp
__set_app_type
_except_handler3
__CxxFrameHandler
exit
_exit

kernel32

CloseHandle
VirtualProtect
ReleaseMutex
GetLastError
CreateMutexA
CreateThread
LoadLibraryA
ResetEvent
FreeLibrary
Sleep
OutputDebugStringA
GetModuleHandleA
GetStartupInfoA
WaitForSingleObject
GetProcAddress
CreateEventA

user32

wsprintfA
UpdateWindow
EnableWindow
LoadBitmapA
SendMessageA

comctl32

ImageList_AddMasked

ws2_32

closesocket
gethostbyname
htons
send
WSACleanup

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1 (2).exe
.exe windows:4 windows x86 arch:x86

Password: infected

8b9495644903303348c1423aa15e786a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord6215
ord617
ord5301
ord5214
ord296
ord986
ord520
ord823
ord4159
ord6117
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4079
ord1849
ord4244
ord2583
ord4589
ord4899
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord1776
ord4403
ord5240
ord5290
ord3748
ord1726
ord4432
ord303
ord813
ord800
ord5253
ord3998
ord4723
ord2535
ord1942
ord4272
ord4588
ord4370
ord4892
ord4532
ord5259
ord3399
ord3734
ord384
ord686
ord3571
ord4000
ord2862
ord1641
ord1146
ord2096
ord3626
ord3663
ord2414
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord794
ord674
ord554
ord529
ord527
ord366
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord2252
ord5252
ord1133
ord3481
ord3797
ord4284
ord1576
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4610
ord4612
ord4615
ord4613
ord825
ord1168

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
__p__commode
_onexit
__dllonexit
malloc
_setmbcp
__p__fmode
_controlfp
__set_app_type
_except_handler3
__CxxFrameHandler
exit
_exit

kernel32

CloseHandle
VirtualProtect
ReleaseMutex
GetLastError
CreateMutexA
CreateThread
LoadLibraryA
ResetEvent
FreeLibrary
Sleep
OutputDebugStringA
GetModuleHandleA
GetStartupInfoA
WaitForSingleObject
GetProcAddress
CreateEventA

user32

wsprintfA
UpdateWindow
EnableWindow
LoadBitmapA
SendMessageA

comctl32

ImageList_AddMasked

ws2_32

closesocket
gethostbyname
htons
send
WSACleanup

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

8b9495644903303348c1423aa15e786a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comctl32

ws2_32

msvcp60

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 36KB - Virtual size: 33KB

Password: infected

8b9495644903303348c1423aa15e786a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comctl32

ws2_32

msvcp60

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 36KB - Virtual size: 33KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 36KB - Virtual size: 33KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 36KB - Virtual size: 33KB