ebe77c060f8155e01703cfc898685f548b6da12379e6aefb996dbcaac201587c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ebe77c060f8155e01703cfc898685f548b6da12379e6aefb996dbcaac201587c.zip
Size

121KB
MD5

997fb8bb23086013c206a4020ba3c1ef
SHA1

271d447fd7ac3cc8b106c223fe6f8bb408608f9c
SHA256

5ee393739db57716b631692bdfc104cd9c1ce5da1e06f70676700a77a5335b0a
SHA512

a5a581305e74886625e5ec4258649a8e2ec0875eb9970ed7bc6f372d4369a23d88b691b8d7478f3fed9cc2e978457bac4d8d589e8ecbb4700154ad8dda8be9ab
SSDEEP

3072:GobatlNgQt/zsN5d3hblMWZPc0+4gmWtNKg9sMh:7MlqD/d3J67Xj5NKg9sMh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ebe77c060f8155e01703cfc898685f548b6da12379e6aefb996dbcaac201587c

Files

ebe77c060f8155e01703cfc898685f548b6da12379e6aefb996dbcaac201587c.zip
.zip

Password: infected
ebe77c060f8155e01703cfc898685f548b6da12379e6aefb996dbcaac201587c
.dll windows:10 windows x64 arch:x64

2a175eb2a32230fdcbec1d8bd49d0a90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

AppVStreamingUX.pdb

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__configure_narrow_argv
_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__stricmp
memmove
_o__wmakepath_s
_o__wsplitpath_s
_o_free
_o_malloc
_o_terminate
_o_wcscpy_s
_CxxThrowException
_o__cexit
__C_specific_handler
strrchr
__std_terminate
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__CxxFrameHandler4
__CxxFrameHandler3
memcpy

api-ms-win-crt-string-l1-1-0

memset

pdh

PdhGetFormattedCounterArrayW
PdhAddEnglishCounterW
PdhCollectQueryData
PdhCloseQuery
PdhOpenQueryW
PdhGetRawCounterValue

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

kernel32

InitializeCriticalSectionAndSpinCount
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RaiseException
HeapDestroy
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetCurrentThread
GetCurrentProcess
LocalFree
GetExitCodeProcess
CreateThread
SetEvent
GetTickCount64
Sleep
CreateEventW
WaitForSingleObject
TerminateProcess
DisableThreadLibraryCalls
DeleteCriticalSection
CloseHandle
GetLastError
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection

advapi32

ImpersonateLoggedOnUser
DuplicateToken
GetTokenInformation
GetSidSubAuthority
GetSidLengthRequired
CopySid
InitializeSid
IsValidSid
ConvertSidToStringSidW
GetLengthSid
CreateProcessAsUserW
OpenThreadToken
EventRegister
EventUnregister
EventWriteTransfer
RevertToSelf
OpenProcessToken

ole32

CLSIDFromString

Exports

Exports

Deinitialize
GetComponent
Initialize
InitializeISV

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

2a175eb2a32230fdcbec1d8bd49d0a90

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

pdh

userenv

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB