240214-egvl1sgc9v_pw_infected[.]zip

General

Target

240214-egvl1sgc9v_pw_infected.zip
Size

61KB
MD5

435eacd2f385a8f4b25b9eb947ce2e14
SHA1

2f40f0821c0f5328ab60e6e3fb46d508c7c28720
SHA256

409e95963a01ffe824db79ab55f6eccc67b65a164de8869bc8532e62e48fc32f
SHA512

5f486baf8bfb3febbc035cf86c80c63d801ba0b4c986054993c5629d1b16df92a901ad03d52a02c8292c8cb38de638921a47f807c58cb6aa2127462933d3d34f
SSDEEP

1536:XdS35SNFQ7NET79EmORaQBUNJ1uuI6iX/PIY5Bayk:Xd4Yl9GzkiXIS4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9ab0d762851ca70d12f127e94c78d8d9

Files

240214-egvl1sgc9v_pw_infected.zip
.zip

Password: infected
9ab0d762851ca70d12f127e94c78d8d9
.exe windows:4 windows x86 arch:x86

Password: infected

fa6898598b38b5690f721e9938d5d914

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
HeapReAlloc
VirtualAlloc
HeapAlloc
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetFileSize
CloseHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetProcAddress
GetOEMCP
GetTickCount
GetStdHandle
SetHandleCount
GetStringTypeW
GetEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte

user32

PostQuitMessage
GetSystemMetrics
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
LoadStringA
DefWindowProcA
DestroyWindow
wsprintfA
GetClientRect

gdi32

Rectangle
TextOutA
CreateBitmap

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA

shell32

StrRChrA
StrStrIA

ole32

CoInitialize

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fa6898598b38b5690f721e9938d5d914

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB