Week 5 Malware[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Week 5 Malware.exe
Size

1.1MB
MD5

ce65b4b61c076642a5f98fa780d43899
SHA1

0a60240eb6e96836d6ca4b82f531ecc98ddbb4bb
SHA256

e84c050d38730a0bf098476cc6a167f9944521a0e4e1beedb2dab331a166fc52
SHA512

3f74a006ea16c182a3eaa896886fb7ed70ebf4fb74641dca77bcff300e89fe1ce230ac1fb29b168f7b0d4033954917439add8e31ea027c9041ffc3363220323f
SSDEEP

12288:BB4ONL1Oa+iJBPWhbvULrJ6Bti3ERXxlcWdMhaex:j9hEYsbvULrwC+Xxlc+Pex

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
Week 5 Malware.exe

Files

Week 5 Malware.exe
.exe windows:4 windows x86 arch:x86

Password: week5isinfected

53ad69e895eef507f3f0f235481c5628

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetProcAddress
VirtualAlloc
VirtualProtect
LoadLibraryA
GetTickCount
ExitProcess
GetACP
GetConsoleCP
MoveFileExA
Module32FirstW
AddAtomW
GetEnvironmentStringsW

comctl32

InitCommonControls
ImageList_EndDrag
Str_SetPtrW
UninitializeFlatSB
DrawStatusTextA
ImageList_Add
LBItemFromPt

shell32

PathIsSlowW
SHMapPIDLToSystemImageListIndex
SHInvokePrinterCommandW
SHAppBarMessage

winspool.drv

EnumMonitorsW
SetDefaultPrinterA
DeletePrinterDataExA

user32

SendMessageCallbackA
FillRect
GetMessagePos
BlockInput

oleacc

WindowFromAccessibleObject
DllUnregisterServer
LIBID_Accessibility
GetStateTextA

version

VerQueryValueW
VerFindFileW

advapi32

GetUserNameW
SetEntriesInAclW
CryptEnumProvidersW
IsValidSecurityDescriptor
LsaSetInformationTrustedDomain
SetTraceCallback

oledlg

OleUIEditLinksW

imagehlp

SymGetTypeInfo
UpdateDebugInfoFile
ImageDirectoryEntryToDataEx
SymGetModuleBase64
SymUnDName
EnumerateLoadedModules
FindDebugInfoFileEx
SymFunctionTableAccess64

winmm

waveOutGetErrorTextA
joyGetPosEx
auxSetVolume
auxGetDevCapsA
waveOutRestart
mmioSendMessage
mixerGetLineControlsA
NotifyCallbackData
midiOutClose

gdiplus

GdipSetClipHrgn
GdipEnumerateMetafileDestPoint
GdipGetLineRect
GdipGetPageUnit
GdipGetDpiY
GdipGetPenUnit

shlwapi

SHRegDeleteEmptyUSKeyW
PathUnmakeSystemFolderW
PathMakeSystemFolderA
PathUnquoteSpacesW
SHRegSetPathA

gdi32

GdiComment

msimg32

TransparentBlt
DllInitialize
AlphaBlend
vSetDdrawflag

oleaut32

OACreateTypeLib2
VarDecAbs
SafeArrayGetIID
BSTR_UserFree
VarBstrFromCy
OleSavePictureFile
VarBstrFromUI4
CreateTypeLib

ole32

HMETAFILEPICT_UserFree
HENHMETAFILE_UserFree
SetConvertStg
HMENU_UserSize
HMETAFILEPICT_UserSize
CoQueryAuthenticationServices
IsValidPtrIn
CoRegisterMallocSpy

comdlg32

FindTextA
GetOpenFileNameA
ChooseFontA
FindTextW
PrintDlgExW
PageSetupDlgA
dwOKSubclass
ChooseFontW
GetSaveFileNameW
GetSaveFileNameA

Sections

.text
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rd
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rd
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: week5isinfected

53ad69e895eef507f3f0f235481c5628

Headers

File Characteristics

Imports

kernel32

comctl32

shell32

winspool.drv

user32

oleacc

version

advapi32

oledlg

imagehlp

winmm

gdiplus

shlwapi

gdi32

msimg32

oleaut32

ole32

comdlg32

Sections

.text Size: 552KB - Virtual size: 552KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 264KB - Virtual size: 264KB

.rd Size: 1KB - Virtual size: 1KB

.rd Size: 278KB - Virtual size: 277KB

.text
Size: 552KB - Virtual size: 552KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 264KB - Virtual size: 264KB

.rd
Size: 1KB - Virtual size: 1KB

.rd
Size: 278KB - Virtual size: 277KB