220815-pfhk6sdda3_pw_infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

220815-pfhk6sdda3_pw_infected.zip
Size

71KB
MD5

090a9049cdd81736371c47cea7d4660e
SHA1

2a332d9ee64eceb8980df2a827220a718a00d0c7
SHA256

bb3e4b68075068db046508e0fdea7c897653ed8b14a9fbcb2018a5620c6fae79
SHA512

64a2dd303ea1e493e6c68def4baf3a8a944dacefd63aba0f736060bae88c2bd8127701535f02d822c796ee53e05d5d823f66364e535a135f2f3b5cb029fb8969
SSDEEP

1536:aZ5nHire8zMqalPpfotbKIyPheADBJeaXYgzdvl4u72:a/nH3+2d2aNzIc2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winlog.wll

Files

220815-pfhk6sdda3_pw_infected.zip
.zip

Password: infected
winlog.wll
.dll windows:5 windows x86 arch:x86

6476b7c4dd55eafbdf922a7ba1e2d5f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
FlushFileBuffers
GetLastError
LoadLibraryA
lstrcpyW
CreateThread
GlobalAlloc
ExitProcess
CreateFileA
GetTickCount
SetFilePointer
GetModuleFileNameA
IsDebuggerPresent
WinExec
GetTempPathA
lstrlenA
GetCurrentProcess
OpenProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetFileSize
CloseHandle
CreatePipe
ReadFile
Sleep
WriteFile
SetHandleInformation
CreateProcessW
GetCommandLineA
PeekNamedPipe
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
RtlUnwind
HeapReAlloc
LCMapStringW
EncodePointer
DecodePointer
IsProcessorFeaturePresent
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
RaiseException
GetStdHandle
GetModuleFileNameW
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryExW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
WriteConsoleW

advapi32

RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

wininet

InternetQueryOptionA

ws2_32

connect
WSAStartup
inet_addr
closesocket
recv
socket
gethostbyname
send
setsockopt
htons

Exports

Exports

DllEntry00
DllEntry01
DllEntry02
DllEntry03
DllEntry04
DllEntry05
DllEntry06
DllEntry07
DllEntry08
DllEntry09
DllEntry10
DllEntry11
DllEntry12
DllEntry13
DllEntry14
DllEntry15
DllEntry16
DllEntry17
DllEntry18
DllEntry19
DllEntry20
DllEntry21
DllEntry22
DllEntry23
DllEntry24
DllEntry25
DllEntry26
DllEntry27
DllEntry28
DllEntry29
DllEntry30
DllEntry31
DllEntry32
DllEntry33

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

6476b7c4dd55eafbdf922a7ba1e2d5f9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 5KB