18884b02d70a9b8017645388f21b0aefd84e744fc1013a07acd143f060d17639[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

18884b02d70a9b8017645388f21b0aefd84e744fc1013a07acd143f060d17639.zip
Size

127KB
MD5

4690390349d23bb7ad6139ec1a3a5851
SHA1

0bbb196cca03c6989025c09afdd00195cc57a1cf
SHA256

af470dee29f8103fe213a659a6ce9cd2e3b439519ca84a769fc2352bbfb3702e
SHA512

d44d2285828d6efcb751f635ed18ae87375ce82df867ee2d7bbfa3d94cf20b3828e552caa1d6c2fd267e7e10ff202f61166e0db44961ff5ebbef4fe0720ae07d
SSDEEP

3072:WwkyIUZqZ0bdNIep664ADCKwmcvVrPP//PdP7pelsNWmdPZ:KOZbtr4AiPvdDw6NFPZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/18884b02d70a9b8017645388f21b0aefd84e744fc1013a07acd143f060d17639.exe

Files

18884b02d70a9b8017645388f21b0aefd84e744fc1013a07acd143f060d17639.zip
.zip

Password: infected
18884b02d70a9b8017645388f21b0aefd84e744fc1013a07acd143f060d17639.exe
.exe windows:4 windows x64 arch:x64

aa298c0a259d58f77c0d32e631e20622

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

api-ms-win-crt-convert-l1-1-0

_ultoa
mbrtowc
wcrtomb

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
_wgetenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

__C_specific_handler
__intrinsic_setjmpex
longjmp
memchr
memcmp
memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_endthreadex
_errno
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
_fileno
_fseeki64
_ftelli64
_get_osfhandle
_isatty
_setmode
_wfopen
clearerr
fclose
ferror
fflush
fgetc
fgets
fputc
fread
fwrite
setvbuf
ungetc

api-ms-win-crt-string-l1-1-0

_strdup
memset
strlen
strncmp
wcslen

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_localtime64
_tzset

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/97
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/113
Size: 512B - Virtual size: 77B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
loader.bat

Sharing

General

Malware Config

Signatures

Files

Password: infected

aa298c0a259d58f77c0d32e631e20622

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 176KB - Virtual size: 176KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 13KB - Virtual size: 12KB

.pdata Size: 7KB - Virtual size: 6KB

.xdata Size: 7KB - Virtual size: 7KB

.bss Size: - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 500B

/4 Size: 512B - Virtual size: 128B

/19 Size: 10KB - Virtual size: 10KB

/31 Size: 1KB - Virtual size: 1KB

/45 Size: 1KB - Virtual size: 1KB

/57 Size: 512B - Virtual size: 376B

/70 Size: 512B - Virtual size: 198B

/81 Size: 1KB - Virtual size: 1KB

/97 Size: 1024B - Virtual size: 760B

/113 Size: 512B - Virtual size: 77B

.text
Size: 176KB - Virtual size: 176KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 13KB - Virtual size: 12KB

.pdata
Size: 7KB - Virtual size: 6KB

.xdata
Size: 7KB - Virtual size: 7KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 500B

/4
Size: 512B - Virtual size: 128B

/19
Size: 10KB - Virtual size: 10KB

/31
Size: 1KB - Virtual size: 1KB

/45
Size: 1KB - Virtual size: 1KB

/57
Size: 512B - Virtual size: 376B

/70
Size: 512B - Virtual size: 198B

/81
Size: 1KB - Virtual size: 1KB

/97
Size: 1024B - Virtual size: 760B

/113
Size: 512B - Virtual size: 77B