c85859845b0cdb864c7441318d9938417bc96be76b3440c34fca72b8c094e21b[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

c85859845b0cdb864c7441318d9938417bc96be76b3440c34fca72b8c094e21b.zip
Size

1.9MB
MD5

a9c1d1a9694fb66ae4468929bf5f1a71
SHA1

1d5c4e7422d87fbded8e58fe63064f51e57e83c3
SHA256

957d8baefcd9b816c925e1ce36a66b460f314d144cca316d749ba61f85d45521
SHA512

d3dd153edc993ee82a32f1789556497f31220d30f2138a93460f332b0a5aedb174d9718ec03e0720b77cf2b4b97e3e4d90e8af6a4bcd874366e288a509a673bb
SSDEEP

49152:68VQrx7S2RbkVT47dkMt8SMozLGMLRAUpFkwc3VGW6Vi:68Kjb0To2iX9RAw83sZVi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c85859845b0cdb864c7441318d9938417bc96be76b3440c34fca72b8c094e21b

Files

c85859845b0cdb864c7441318d9938417bc96be76b3440c34fca72b8c094e21b.zip
.zip

Password: infected
c85859845b0cdb864c7441318d9938417bc96be76b3440c34fca72b8c094e21b
.exe windows:4 windows x64 arch:x64

d8eb0c19ac9b7f1372d11161cd69a614

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FlushFileBuffers
DeviceIoControl
CreateEventA
CreateFileA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObject
CloseHandle
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
GetSystemTimeAsFileTime
Sleep
SetEnvironmentVariableA
CompareStringW
GetComputerNameA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
GetEnvironmentVariableA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
DeleteFileA
MoveFileA
GetCPInfo
GetACP
GetOEMCP
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
FlsAlloc
WriteFile
GetStdHandle
HeapSize
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
InitializeCriticalSection
GetConsoleCP
GetTimeZoneInformation
GetFileAttributesA
SetStdHandle
SetFilePointer
ReadFile
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
CreateProcessA
SetEndOfFile
CompareStringA

ws2_32

gethostname
WSACleanup
WSAGetLastError
WSAStartup
gethostbyname
inet_addr

shlwapi

PathRemoveFileSpecA

user32

GetSystemMetrics

advapi32

DeregisterEventSource
RegisterEventSourceA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
ReportEventA

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d8eb0c19ac9b7f1372d11161cd69a614

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

shlwapi

user32

advapi32

setupapi

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 115KB - Virtual size: 292KB

.pdata Size: 299KB - Virtual size: 299KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 115KB - Virtual size: 292KB

.pdata
Size: 299KB - Virtual size: 299KB

.rsrc
Size: 512B - Virtual size: 176B