90f0ff8a482c11e6bf23d41209c303b81914d69e6f9e6eb8a5a009c571f9f7da[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

90f0ff8a482c11e6bf23d41209c303b81914d69e6f9e6eb8a5a009c571f9f7da.zip
Size

792KB
MD5

bed5d39e5d842940e9b630fe2cf928f3
SHA1

a9969ecca5869a35790f2523b120fa260c0a79ea
SHA256

b1c1057e72f89695d9fac45ebed81fcc0443eae3e0d4f9fe11c7e97624074b75
SHA512

fe1f704a78928a71b4b1a9629cfb8bf16b84460ee9ed3fd5d2ccfb8a3cc0fea1a2c6df5914f234ed8cf3e63e214f8aa9415dd05af11b715b4feb9d2fa3533a3b
SSDEEP

12288:HRT8dI0Jg6ZIPZ2aJFqLjQg4G/gfaY812COJt/PlG6eGJ/FcwYgrV0Wa:HSu0JgVP5J+oiYCqbYgZva

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/90f0ff8a482c11e6bf23d41209c303b81914d69e6f9e6eb8a5a009c571f9f7da

Files

90f0ff8a482c11e6bf23d41209c303b81914d69e6f9e6eb8a5a009c571f9f7da.zip
.zip

Password: threatbook
90f0ff8a482c11e6bf23d41209c303b81914d69e6f9e6eb8a5a009c571f9f7da
.exe windows:5 windows x86 arch:x86

Password: threatbook

f37295a71096ccb7f8bd10df4a9c36a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetTempPathA
SetErrorMode
CopyFileA
GetModuleFileNameA
GetProcAddress
GetLastError
ReadFile
Thread32Next
CreateProcessA
Sleep
Thread32First
OpenThread
OpenProcess
WriteFile
ExpandEnvironmentStringsA
GetProcessHeap
HeapFree
GetCurrentProcess
Process32First
GetSystemDirectoryA
Module32First
Process32Next
Module32Next
SetFilePointer
GetTickCount
GetFileAttributesA
CreateMutexA
WaitForSingleObject
TerminateThread
ExitThread
GetExitCodeThread
CreateThread
SetThreadContext
TerminateProcess
DuplicateHandle
GetFileTime
SetFileAttributesA
SetFileTime
HeapAlloc
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetHandleCount
GetFileType
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEndOfFile
lstrlenA
GetFileSize
CreateFileA
GetComputerNameA

user32

EnumChildWindows
GetForegroundWindow
SendMessageA
GetWindowRect
GetClassNameA
WaitForInputIdle

advapi32

CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptHashData
LookupPrivilegeValueA
GetUserNameA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetModuleFileNameExA

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 729KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.EBSS
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: threatbook

Password: threatbook

f37295a71096ccb7f8bd10df4a9c36a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

version

psapi

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 729KB - Virtual size: 736KB

.rsrc Size: 1KB - Virtual size: 1KB

.EBSS Size: 6KB - Virtual size: 5KB

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 729KB - Virtual size: 736KB

.rsrc
Size: 1KB - Virtual size: 1KB

.EBSS
Size: 6KB - Virtual size: 5KB