MDE_File_Sample_e21a042e897d376b765629d7e6998f6559209bb8[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_e21a042e897d376b765629d7e6998f6559209bb8.zip
Size

213KB
MD5

06303baa371704396e3660d55e960779
SHA1

6224dad5424e20f0aa5bbe9ad646167c1d38df59
SHA256

227731c917df146126ca747c48f71374ae0622cf56aa93bcc63893ba698105f5
SHA512

7c10b472ae7372e831d20076ecd195b0322b7b03f53a9582f2bb18556d71c022753ac855ed5c2831940f99df6a2cb79705205d9b6937087a993655b63668b518
SSDEEP

3072:rA6cjUdH72ilHakNwVvZLfkzJe3RMVsb4uIzWOv3LRK69bWX/e3ye5hX:rAh4db2ilHnwUCMo4uIzWOjoQyeb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e21a042e897d376b765629d7e6998f6559209bb8

Files

MDE_File_Sample_e21a042e897d376b765629d7e6998f6559209bb8.zip
.zip

Password: infected
e21a042e897d376b765629d7e6998f6559209bb8
.exe windows:4 windows x86 arch:x86

Password: infected

72c63112e4e4f74bf3fbaf935205191c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
SetPriorityClass
CopyFileA
MultiByteToWideChar
GetTempFileNameA
GetTempPathA
DeleteFileA
FindResourceA
LoadResource
LockResource
FreeResource
GetTickCount
GlobalLock
GlobalUnlock
CreateDirectoryA
GetFileAttributesA
GetStartupInfoA
GetModuleFileNameA
OpenFileMappingA
CloseHandle
CreateFileMappingA
GetLastError
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
LocalAlloc
LocalLock
LocalUnlock
LocalFree
SizeofResource
GlobalReAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
WinExec
GetCurrentProcess
FlushFileBuffers
CreateFileA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
WriteFile
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetFileType
GetStdHandle
SetStdHandle
LCMapStringA
SetFilePointer
ReadFile
SetHandleCount
GlobalFree
VirtualAlloc
VirtualFree
IsBadWritePtr
HeapDestroy
ExitProcess
HeapCreate
GetCommandLineA
GetModuleHandleA
GetVersion
HeapReAlloc
HeapAlloc
HeapFree
LCMapStringW
GetProcAddress
RtlUnwind
SetEndOfFile
LoadLibraryA

user32

GetClientRect
DialogBoxParamA
UnionRect
EqualRect
GetMessageA
EndDialog
MoveWindow
IntersectRect
GetWindowRect
GetCursorPos
SetRect
IsWindow
GetDC
ReleaseDC
InvalidateRect
DestroyCursor
SetTimer
KillTimer
MessageBoxA
GetDesktopWindow
LoadCursorA
SetCursor
PtInRect
GetAsyncKeyState
EndPaint
BeginPaint
CopyRect
SetDlgItemTextA
GetDlgItemTextA
GetTopWindow
GetWindow
GetClassNameA
SetWindowLongA
IsWindowVisible
GetWindowLongA
SendMessageA
GetUpdateRect
EnumWindows
LoadIconA
IsRectEmpty
UpdateWindow
TranslateMessage
DispatchMessageA
PostQuitMessage
SetClassWord
SetWindowTextA
SetForegroundWindow
TrackPopupMenu
DestroyMenu
LoadMenuA
GetSubMenu
DefWindowProcA
DestroyWindow
CreateWindowExA
RegisterClassA
OffsetRect
CheckMenuItem
SystemParametersInfoA
PostMessageA
SetWindowPos
FindWindowA
SetRectEmpty

gdi32

RealizePalette
DeleteObject
GetObjectA
DeleteDC
SetBkColor
BitBlt
SetMapMode
GetMapMode
CreateCompatibleBitmap
CreateBitmap
GetPixel
SelectObject
CreateCompatibleDC
GetDeviceCaps
GetStockObject
SetBkMode
CreatePalette
CreateDIBitmap
SelectClipRgn
SetRectRgn
CreateRectRgnIndirect
SelectPalette

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize
CoCreateInstance

winmm

mciSendCommandA

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.spm
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

72c63112e4e4f74bf3fbaf935205191c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winmm

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 31KB

.rsrc Size: 184KB - Virtual size: 182KB

.spm Size: - Virtual size: 1B

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 31KB

.rsrc
Size: 184KB - Virtual size: 182KB

.spm
Size: - Virtual size: 1B