d8v0hy491ql0fe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d8v0hy491ql0fe.zip
Size

1.4MB
MD5

0a43f8679f4cb95a2a1bfc26f9088448
SHA1

1411c1bc6135d2b7c247507b8148d5395d7dee0c
SHA256

8fbf589987a527d3fb0f561e470d854defde870926c374b2e2210af2b885cb52
SHA512

128062e2387df2b3287968e3da8d52dab0020147110a34fff0ab0f9c2aeb22a528956a53ceb91b95164c4af0918e27bff3d2887e298a680d34baccee7cefe02b
SSDEEP

24576:qX9NsYMEMdB2Lnxi7Jf6DnUKwTtP71okPbqcPyJdsTK4H:qNGBqnAwH85FbqcYsRH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/knjksy.exe

Files

d8v0hy491ql0fe.zip
.zip

Password: mh
knjksy.exe
.exe windows:6 windows x86 arch:x86

Password: mh

583cc2ef28f6fe36f423c4f7908aa09a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

PostThreadMessageA
CharUpperBuffW

advapi32

AllocateAndInitializeSid

ws2_32

listen

mswsock

GetAcceptExSockaddrs

ole32

CoUninitialize

crypt32

CertCloseStore

iphlpapi

GetIpNetTable

oleaut32

SysFreeString

shlwapi

SHDeleteKeyW

Sections

5iv/<&>/
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

FiKZ7cZ9
Size: - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

b_)NN6"a
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

&QEgYo=N
Size: - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

U7NZtG,*
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9m@4mqL;
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

3ef\yH,:
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

B9,2e>Nl
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: mh

Password: mh

583cc2ef28f6fe36f423c4f7908aa09a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

mswsock

ole32

crypt32

iphlpapi

oleaut32

shlwapi

Sections

5iv/<&>/ Size: - Virtual size: 1.2MB

FiKZ7cZ9 Size: - Virtual size: 316KB

b_)NN6"a Size: - Virtual size: 49KB

&QEgYo=N Size: - Virtual size: 698KB

U7NZtG,* Size: 2KB - Virtual size: 1KB

9m@4mqL; Size: 1.5MB - Virtual size: 1.5MB

3ef\yH,: Size: 1KB - Virtual size: 1KB

B9,2e>Nl Size: 512B - Virtual size: 480B

5iv/<&>/
Size: - Virtual size: 1.2MB

FiKZ7cZ9
Size: - Virtual size: 316KB

b_)NN6"a
Size: - Virtual size: 49KB

&QEgYo=N
Size: - Virtual size: 698KB

U7NZtG,*
Size: 2KB - Virtual size: 1KB

9m@4mqL;
Size: 1.5MB - Virtual size: 1.5MB

3ef\yH,:
Size: 1KB - Virtual size: 1KB

B9,2e>Nl
Size: 512B - Virtual size: 480B