14568482619[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

14568482619.zip
Size

1.6MB
MD5

2a3bc1b6008542b052f44855844cddf8
SHA1

b2df8bb4a800cf488d10415c76790eff5ce72fb6
SHA256

e720b3b80d62671ad254ae282434a617c9a023f20c19ef3ebdeca59cf062e5cf
SHA512

69ee2a5da42cff130b0cfe87b0475666ff9459a9613664220dc1a41a8689bccf3a2e65c6dc45ffbf6939d29d89bce4d299c212383e8e9c7a30dcc264b68a4921
SSDEEP

49152:wvG6dRFUdAf44a+SQvIlYFfpbiAXg/PL3Hm:6jHAAf4hFQvIlqfBVQ3L2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ebf10222bdd19bd8f14b7e94694c1534d4fe1d1047034aee7ffe9492cad4a92f

Files

14568482619.zip
.zip

Password: infected
ebf10222bdd19bd8f14b7e94694c1534d4fe1d1047034aee7ffe9492cad4a92f
.dll windows:4 windows x86 arch:x86

93947df44c871ff46e36f3ec913a308d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetCurrentHwProfileA
GetUserNameW
RegCloseKey
RegOpenKeyExW

dbghelp

StackWalk64
SymCleanup
SymFromAddr
SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileW
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FlushFileBuffers
FreeLibrary
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProductInfo
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount64
GetVersionExW
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
SetEvent
SetFilePointer
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
Thread32First
Thread32Next
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_setjmp3
_strdup
_ultoa
_unlock
_vsnprintf
_vsnwprintf
abort
atoi
calloc
exit
fgetwc
fprintf
fputc
fputs
free
fwrite
getc
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
setlocale
strchr
strcmp
strerror
strlen
strncmp
vfprintf
wcslen

oleaut32

SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysAllocString
SysFreeString
VariantInit

shlwapi

PathCombineW

user32

CharLowerBuffW
GetIconInfo

wininet

HttpOpenRequestW
HttpSendRequestW
InternetConnectW
InternetOpenW
InternetQueryOptionW
InternetSetOptionW

Exports

Exports

Dbjkxfet
Gevwmcvr@4
Gtnlfj@4
Hxkaxado@0
Ioekqlwr@0
Rmewc
Rpxatzud
Vokyeft@0
Wsbkbvx@4
Xszxwkz

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

93947df44c871ff46e36f3ec913a308d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

dbghelp

kernel32

msvcrt

oleaut32

shlwapi

user32

wininet

Exports

Exports

Sections

.text Size: 139KB - Virtual size: 139KB

.data Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 16KB - Virtual size: 15KB

.eh_fram Size: 25KB - Virtual size: 25KB

.bss Size: - Virtual size: 2KB

.edata Size: 512B - Virtual size: 512B

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 139KB - Virtual size: 139KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 16KB - Virtual size: 15KB

.eh_fram
Size: 25KB - Virtual size: 25KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 512B

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 5KB - Virtual size: 5KB