15130663993[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

15130663993.zip
Size

1.8MB
MD5

0983aa12f415aa299b10af334ba18122
SHA1

a47842cf71780a4f9f2ea927f121d4f5382683f7
SHA256

b247b0dac7d1e447f5a6cf80b35d6a3afb67a664240e9f06509d14793b515d62
SHA512

98ad1800b9c10da0c425a5e2e6ea12fc87f1ab357ce6bda3735afbd58e5b2e61bdbcd7bad8b2ad79b7fae20da0c7a9f138cadfdb900988608687ea3e07ef406a
SSDEEP

49152:ZYqigztsKkJW47zbxUXpUiaHCJK+Z1whN9Ruh0yYK+0RJ4:ZYqtzt1kpCXpRqO4N9RiTW0RJ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/aclui.dll

Files

15130663993.zip
.zip

Password: infected
7e8315426befbcf3a2fca9a3ad4d0f072d9a184467ae7939920389b4a89f5116
.rar
aclui.dll
.dll windows:5 windows x86 arch:x86

Password: infected

1696be1b5491708b82dfc60978f9c741

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wintrust

CryptCATPutAttrInfo
CryptCATAdminAddCatalog
CryptCATEnumerateMember

winmm

mmioWrite

secur32

GetUserNameExA

shell32

CommandLineToArgvW
FindExecutableA

esent

JetMove

oleaut32

GetErrorInfo
SysAllocStringByteLen

rpcrt4

I_RpcReceive
RpcServerListen
NdrSimpleStructBufferSize
RpcMgmtInqComTimeout

ntdsapi

DsMakeSpnW

setupapi

SetupDiEnumDeviceInfo
SetupDiChangeState

msvcrt

putc
fgets

kernel32

GetCurrentProcess
SetCommMask
GetThreadPriority
LocalFileTimeToFileTime
GetQueuedCompletionStatus
UnregisterWaitEx
SwitchToThread
LocalLock
PostQueuedCompletionStatus
LocalFlags
GetProcAddress
LoadLibraryA
EnterCriticalSection
SystemTimeToFileTime
InterlockedPushEntrySList
GetExitCodeProcess
DeleteCriticalSection
IsProcessorFeaturePresent
WaitForSingleObjectEx
WaitForSingleObject
GetModuleFileNameA
GetBinaryTypeA
GetModuleFileNameW
LoadLibraryExW

ole32

OleCreateMenuDescriptor
MkParseDisplayName
HICON_UserFree
HWND_UserMarshal
HGLOBAL_UserUnmarshal

user32

PostQuitMessage
UpdateWindow
CreateWindowExA
GetWindowWord
GetUpdateRgn
GetKeyboardLayoutNameA
WindowFromPoint
ScreenToClient
ToUnicodeEx
GetClipCursor
CreateIconFromResourceEx
MonitorFromPoint
GetQueueStatus

ws2_32

select

iphlpapi

GetBestInterface
CreateIpForwardEntry

version

VerFindFileW

wininet

InternetConnectW

gdi32

SetBitmapDimensionEx
GetCurrentPositionEx
GetWindowExtEx
PlayEnhMetaFile
GetPixelFormat
SelectPalette
CombineRgn

winspool.drv

DocumentPropertiesW

advapi32

RegOpenCurrentUser
ReadEncryptedFileRaw

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LDXrqRxp
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

AnYhA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

v
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Mh
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

f
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fuEU*LgM
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1696be1b5491708b82dfc60978f9c741

Headers

File Characteristics

Imports

wintrust

winmm

secur32

shell32

esent

oleaut32

rpcrt4

ntdsapi

setupapi

msvcrt

kernel32

ole32

user32

ws2_32

iphlpapi

version

wininet

gdi32

winspool.drv

advapi32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 136KB - Virtual size: 135KB

LDXrqRxp Size: 4KB - Virtual size: 2KB

AnYhA Size: 4KB - Virtual size: 2KB

v Size: 20KB - Virtual size: 17KB

Mh Size: 104KB - Virtual size: 102KB

f Size: 28KB - Virtual size: 27KB

CONST Size: 1.4MB - Virtual size: 1.4MB

fuEU*LgM Size: 88KB - Virtual size: 84KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 136KB - Virtual size: 135KB

LDXrqRxp
Size: 4KB - Virtual size: 2KB

AnYhA
Size: 4KB - Virtual size: 2KB

v
Size: 20KB - Virtual size: 17KB

Mh
Size: 104KB - Virtual size: 102KB

f
Size: 28KB - Virtual size: 27KB

CONST
Size: 1.4MB - Virtual size: 1.4MB

fuEU*LgM
Size: 88KB - Virtual size: 84KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 28KB