14686722243[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

14686722243.zip
Size

3.8MB
MD5

85d120a2e3b9cf51559306664985c45c
SHA1

f224d181373e476b1f9ce27994ea1fafc1dbf755
SHA256

821fda0eb8f9eb0033ad5f1443ce11d4209ddd9afa69b1dedeec34bfd32dad35
SHA512

1a42026df4db74b67f16568b43e7380dd03272800d7efd133b626710d66e17f6558f89aeb431b949508cb76c7c9ac58de870490e50961f3fdc05085cfbccbc99
SSDEEP

98304:V8FlwlqGw+dVTiFYsOiUJOD3k8unc0SS4Y7Sty:6zw4L+ZzT6kFncIuM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b20d1ebe9d39ae587af87076e24275cfc47de4cb4b6860607e25f61847a216d7

Files

14686722243.zip
.zip

Password: infected
b20d1ebe9d39ae587af87076e24275cfc47de4cb4b6860607e25f61847a216d7
.exe windows:5 windows x86 arch:x86

c4e45199e0fb064c9ae9d40735f21f23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\FlowCloud\trunk\Dev\src\fcClient\Release\install.pdb

Imports

kernel32

WriteFile
OpenProcess
GetSystemDirectoryW
WideCharToMultiByte
Sleep
GetFileAttributesW
TerminateProcess
ReadFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
lstrlenW
SetThreadPriority
GetLastError
SetLastError
GetProcAddress
Process32FirstW
Process32NextW
lstrcatW
CreateToolhelp32Snapshot
GetFileAttributesExW
OpenEventW
GetShortPathNameW
WinExec
CloseHandle
GetWindowsDirectoryW
lstrcpyW
SetFileAttributesW
ExpandEnvironmentStringsW
lstrcmpiA
LoadLibraryA
lstrcmpA
FreeLibrary
GetWindowsDirectoryA
VirtualFree
VirtualAlloc
VirtualProtect
HeapAlloc
HeapFree
GetProcessHeap
GetDriveTypeW
GetModuleHandleA
CreateProcessA
ResumeThread
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
FlushInstructionCache
GetCurrentThreadId
SuspendThread
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
SetFileTime
GetCurrentThread
GetModuleHandleW
GetLogicalDrives
SetEvent
CreateDirectoryW
GetCurrentProcess
SetErrorMode
SetPriorityClass
CreateMutexW
GetFileSize
GetEnvironmentVariableW
ExitProcess
DeleteFileW
GetVersionExA
OutputDebugStringA
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
GetTempPathW
HeapValidate
DeleteFileA
FormatMessageW
LoadLibraryW
FormatMessageA
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
SystemTimeToFileTime
GetFullPathNameA
GetFullPathNameW
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
GetStartupInfoW
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetFileAttributesA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetExitCodeProcess
WaitForSingleObject
CreateFileA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetLocaleInfoW
FlushFileBuffers
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
CompareStringA

user32

MessageBoxA
MessageBoxW
wsprintfW

advapi32

RegCreateKeyExA
RegOpenKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CreateServiceA
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegOpenKeyExA

shell32

ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHChangeNotify

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathAppendW
SHDeleteKeyW
PathFileExistsW
SHDeleteValueW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFindFileNameW

dbghelp

MakeSureDirectoryPathExists

wsock32

ntohl
htonl

Sections

.text
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c4e45199e0fb064c9ae9d40735f21f23

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

dbghelp

wsock32

Sections

.text Size: 794KB - Virtual size: 793KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 30KB - Virtual size: 40KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 794KB - Virtual size: 793KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 30KB - Virtual size: 40KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 26KB - Virtual size: 25KB