F1F59B325499A3AD9B6F811E68199350BF136420514970FB8F7FC4F68533D300[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

F1F59B325499A3AD9B6F811E68199350BF136420514970FB8F7FC4F68533D300.zip
Size

536KB
MD5

afec66afd93716b94b01765089dd5105
SHA1

1a3405e61e6216c03a012d2ce9116979b563c05e
SHA256

c53a285c2a2ce1a0e28660970e1a94ffc29d4b498978aaebaa5b5676ea49624f
SHA512

025aa2d8b4b465546e95c5dc44734f298b017aeb0bd674df154cf3c9a3a6ffd26608dbbe16115a73d7280ee4564e350371b22c02b31866dad5f03693aadfe9a8
SSDEEP

12288:4UFWatOH114qNjRVbIqFHm4izoE7caEvTwIRYP3tgMWfIUDHOn1A4v5sAE42I8qi:HWmObBDDFGtoUca02WDDcG+5FEHPB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/F1F59B325499A3AD9B6F811E68199350BF136420514970FB8F7FC4F68533D300

Files

F1F59B325499A3AD9B6F811E68199350BF136420514970FB8F7FC4F68533D300.zip
.zip

Password: infected
F1F59B325499A3AD9B6F811E68199350BF136420514970FB8F7FC4F68533D300
.exe windows:5 windows x86 arch:x86

628020e1861b409ea53fc9243b793290

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\entapps\lego\lib\eeselfdecrypt.pdb

Imports

shlwapi

SHAutoComplete

crypt32

CryptAcquireCertificatePrivateKey
CertNameToStrW
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CertCreateCertificateContext
CertCompareCertificate
CertGetNameStringW
CryptImportPublicKeyInfoEx
CryptFindOIDInfo
CryptImportPublicKeyInfoEx2
CryptImportPKCS8

comctl32

InitCommonControlsEx

ncrypt

BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
NCryptOpenStorageProvider
BCryptDestroyHash
NCryptFreeObject
NCryptOpenKey
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptVerifySignature
NCryptDeriveKey
BCryptExportKey
NCryptImportKey
NCryptSecretAgreement
NCryptDecrypt
NCryptIsKeyHandle
BCryptDuplicateKey
BCryptSetProperty
BCryptImportKey
BCryptGenerateSymmetricKey
NCryptSetProperty
BCryptDecrypt

kernel32

GlobalAlloc
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
MulDiv
GetModuleFileNameW
lstrcmpW
lstrlenW
GlobalUnlock
FlushInstructionCache
GetTempPathW
RaiseException
EnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
FreeLibrary
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
CreateProcessW
GetTickCount
SetFileTime
DeleteFileW
FindResourceW
LoadResource
LoadLibraryExW
SetDllDirectoryW
GlobalLock
SizeofResource
MultiByteToWideChar
lstrcmpiW
EnumResourceNamesW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FindResourceExW
EndUpdateResourceW
IsBadReadPtr
GetFileAttributesW
BeginUpdateResourceW
CreateFileMappingW
LockResource
UpdateResourceW
EnumResourceLanguagesW
FormatMessageA
FormatMessageW
FindFirstFileW
GetDriveTypeW
CreateDirectoryW
GetVersionExW
FindClose
RemoveDirectoryW
FindNextFileW
GetCurrentProcessId
SetFileAttributesW
InitializeCriticalSection
GetLocaleInfoW
GetUserDefaultUILanguage
GetTempFileNameW
MoveFileExW
ExpandEnvironmentStringsW
DecodePointer
CreateFileA
ExpandEnvironmentStringsA
LoadLibraryA
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
SystemTimeToFileTime
CloseHandle
CreateFileW
ReadFile
WriteFile
GetFileSize
SetLastError
GetLastError
LocalFree
LocalAlloc
HeapCreate
ExitProcess
GetStdHandle
LCMapStringW
Sleep
HeapSize
GetStringTypeW
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleW
SetStdHandle
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
EncodePointer
GetModuleHandleW

user32

DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetWindowRect
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
SetForegroundWindow
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassLongW
GetClassInfoExW
GetDC
GetForegroundWindow
RegisterClassExW
ClientToScreen
OffsetRect
InvalidateRect
GetWindowLongW
GetWindowTextW
EndPaint
DestroyIcon
MessageBoxW
LoadStringW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor
SetWindowPos
ShowWindow
IsWindow
CreateWindowExW
AdjustWindowRectEx
ReleaseCapture
GetSystemMetrics
SendMessageW
SetWindowTextW
CallWindowProcW
GetWindowContextHelpId
EnableMenuItem
PostMessageW
GetSystemMenu
DispatchMessageW
EnableWindow
CreateDialogParamW
PeekMessageW
IsDialogMessageW
DrawTextW
DialogBoxParamW
EndDialog
DefWindowProcW
GetWindow
MoveWindow
LoadIconW
TranslateMessage
UnregisterClassA

gdi32

BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExW
CryptGetHashParam
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
CryptImportKey
CryptReleaseContext
CryptGetKeyParam
CryptSetKeyParam
CryptVerifySignatureW
CryptAcquireContextW
CryptContextAddRef
CryptDecrypt
CryptGetUserKey
CryptSetHashParam
CryptDuplicateKey
RegQueryValueExA

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
ShellExecuteW

ole32

StringFromGUID2
CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoGetClassObject
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx

oleaut32

VariantClear
VarUI4FromStr
LoadRegTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
SystemTimeToVariantTime
SysStringLen
SysAllocString
VariantTimeToSystemTime

Sections

.text
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

_eesd___
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

628020e1861b409ea53fc9243b793290

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

crypt32

comctl32

ncrypt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 356KB - Virtual size: 356KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 26KB - Virtual size: 34KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 22KB - Virtual size: 22KB

_eesd___ Size: 292KB - Virtual size: 292KB

.text
Size: 356KB - Virtual size: 356KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 26KB - Virtual size: 34KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 22KB - Virtual size: 22KB

_eesd___
Size: 292KB - Virtual size: 292KB