06012024_1033_Doc-2023-10-19-5434[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

06012024_1033_Doc-2023-10-19-5434.zip
Size

179KB
MD5

76ba9eac3c160cc44efbd9cc4fbdec00
SHA1

8b883114979fa9db54ca96e950ef9648119ccec4
SHA256

474101dc96b2a22cb39523863e634f9999bc4a723505cfe4e0aecaa17643159d
SHA512

adb3239e7f302ce26c27b839952d173cc88b95dcc0f6432f74ff15e10791e06e6fc5bf231f38280ba086f1d24a7197e82dfd0d284c0178b43aa44d9a1589f43c
SSDEEP

3072:KFxHZ3+3PvekufSh03evgKHl9Le4FFNBiZ/il7v4d3prYrV1F3ajrWR2PH4wJiLv:KFtkXwShFvgI9LeKsalr+3p0jF0nYwM7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/quo.amet

Files

06012024_1033_Doc-2023-10-19-5434.zip
.zip

Password: infected
Doc-2023-10-19-5434.iso
.iso

Password: infected
CLICK-TO-OPEN.lnk
.lnk
eos.bat
quo.amet
.dll windows:10 windows x64 arch:x64

Password: infected

61ded941cedf7b318f91e5419185c3e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy_s
memcpy
_putws
free
malloc
_callnewh
_XcptFilter
_amsg_exit
_initterm
__C_specific_handler
_lock
_unlock
__dllonexit
_onexit
memmove
_purecall
_vsnwprintf
memset

user32

DrawFrameControl
SetRect
IsWindow
InvertRect
GetSysColorBrush
GetDoubleClickTime
MessageBoxW
ToUnicode
GetKeyboardState
MapVirtualKeyW
GetKeyState
UnhookWindowsHookEx
CallNextHookEx
SetCursor
FillRect
MapWindowPoints
GetCursorPos
GetSystemMetrics
PtInRect
BeginPaint
GetDC
EndPaint
ReleaseDC
GetForegroundWindow
GetGUIThreadInfo
UpdateLayeredWindow
DefWindowProcW
KillTimer
GetWindowLongW
ReleaseCapture
SetCapture
SendMessageW
OffsetRect
GetClientRect
GetWindowRect
InvalidateRect
IsWindowEnabled
EnableWindow
IsWindowVisible
ShowWindow
MoveWindow
SetWindowPos
DestroyWindow
CreateWindowExW
RegisterClassW
LoadCursorW
SetWindowLongPtrW
SystemParametersInfoW
GetMonitorInfoW
MonitorFromPoint
GetWindowLongPtrW
GetDesktopWindow
SetWindowsHookExW
EndDialog
CreateDialogParamW
GetMessageW
DrawEdge
SetTimer
PostQuitMessage
TranslateMessage
DispatchMessageW
RegisterWindowMessageW
PostThreadMessageW
LoadStringW
DialogBoxParamW
GetDlgItem
SetWindowLongW
GetSysColor

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
IsTextUnicode
RegNotifyChangeKeyValue
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyW

kernel32

GetStringTypeExW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
WriteFile
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
GetConsoleMode
GetFileType
WriteConsoleW
GetStdHandle
CreateThread
GlobalFree
LoadLibraryW
ExpandEnvironmentStringsW
ResetEvent
FreeLibrary
Sleep
MulDiv
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetFullPathNameW
RtlCaptureContext
GetModuleFileNameW
DeleteCriticalSection
TlsFree
TlsAlloc
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
OpenSemaphoreW
WaitForSingleObject
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
CloseHandle
SetLastError
OutputDebugStringW
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
DebugBreak
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
LocalReAlloc
LocalAlloc
CompareStringW
GetLastError
TlsSetValue
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetCommandLineW
CompareStringOrdinal
lstrlenW
LocalFree
TlsGetValue
GetCurrentThreadId

gdi32

SetTextColor
SetBkMode
GetTextMetricsW
SelectObject
GetStockObject
CreateFontW
GetTextExtentPoint32W
DeleteDC
CreateDIBSection
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
DeleteObject
ExtTextOutW
SetBkColor

shell32

SHExtractIconsW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
SysAllocString

shlwapi

ord487

msctf

TF_GetThreadMgr
TF_CreateCategoryMgr
TF_CreateInputProcessorProfiles
TF_GetInitSystemFlags

Exports

Exports

qictionaryGeneratorW
qllCanUnloadNow
qllGetClassObject
qllRegisterServer
qllUnregisterServer
qELPW
qelpW
qegisterProfileW
qnregisterProfileW
scab

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 456KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

61ded941cedf7b318f91e5419185c3e5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

advapi32

kernel32

gdi32

shell32

ole32

oleaut32

shlwapi

msctf

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 456KB - Virtual size: 454KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 456KB - Virtual size: 454KB

.reloc
Size: 2KB - Virtual size: 2KB