15687803695[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

15687803695.zip
Size

7.5MB
MD5

d2b52cb4bbbb61c6a6035fd473c9bbdc
SHA1

3273327347f29980fbb091ae45f45acc52ab8359
SHA256

f4eb6cd0e1c109f6a1825ed6794587b7ee01fece7527350ca20b4779fa7e78fc
SHA512

a7c5154e96ac2f13c298754555d892cb7a76e265fc7939b25ee93e49e24c34edab19a657137496726f9eb3b3046fdd691bbae8b523fac9bfdf0b7e71bc4a8e24
SSDEEP

196608:QvWeDbjM3vpRN/GX5tkqSs48Vwz7mVm+e1xUtzqBj:QueXeRRN/KDNSs4B8m+e1a5qBj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e491642e9c60e1e83e4c5224dac313936ac136f8821bf3f886c5129ec6b2ad87

Files

15687803695.zip
.zip

Password: infected
e491642e9c60e1e83e4c5224dac313936ac136f8821bf3f886c5129ec6b2ad87
.exe windows:6 windows x64 arch:x64

52ccbe0bd796df128616fb77adc1cd54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpyA
WriteConsoleW
GetLastError
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
WTSGetActiveConsoleSessionId
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
CheckRemoteDebuggerPresent
CloseHandle
OpenProcess
GetCurrentThreadId
ExpandEnvironmentStringsW
CreateProcessW
GetLocaleInfoW
LoadLibraryA
GetCurrentProcessId
CreateFileW
GetFileSizeEx
ReadFile
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
LocalAlloc
GetUserDefaultLocaleName
GetConsoleWindow
GetUserDefaultLangID
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
CreateEventW
WaitForMultipleObjects
GlobalFree
SetHandleInformation
OutputDebugStringW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CompareStringEx
GetCommandLineW
GetSystemTime
GetLocalTime
SetEvent
WaitForSingleObjectEx
GetSystemDirectoryW
LoadLibraryW
DuplicateHandle
WaitForSingleObject
Sleep
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
ResetEvent
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
MultiByteToWideChar
GetModuleFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetDriveTypeW
PeekNamedPipe
GetOverlappedResult
CancelIoEx
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
FlushFileBuffers
GetFileType
GetLogicalDrives
SetEndOfFile
SetFilePointerEx
SetErrorMode
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FreeLibrary
GetModuleHandleExW
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetExitCodeProcess
K32GetModuleFileNameExW
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
SetLastError
RtlUnwind
LoadLibraryExW
GetCommandLineA
ExitThread
FreeLibraryAndExitThread
SetStdHandle
SetFileAttributesW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetStdHandle
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize

advapi32

AllocateAndInitializeSid
RegSetValueExW
GetUserNameA
GetUserNameW
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
AccessCheck
CopySid
DuplicateToken
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
FreeSid
GetLengthSid
MapGenericMask
LookupAccountSidW
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithSidW
LookupAccountNameW

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetOpenStatus
ImmNotifyIME
ImmSetCompositionWindow
ImmGetVirtualKey
ImmSetCandidateWindow

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

crypt32

CertAddStoreToCollection
CertVerifyTimeValidity
CertFindChainInStore
CertGetCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateChain
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCreateCertificateContext
CertOpenStore
CertOpenSystemStoreW
CertFindCertificateInStore
CertCloseStore
PFXImportCertStore

bcrypt

BCryptGenerateSymmetricKey
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptSetProperty
BCryptEncrypt
BCryptDecrypt
BCryptCloseAlgorithmProvider

dwrite

DWriteCreateFactory

dnsapi

DnsFree
DnsQuery_W

iphlpapi

ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToGuid
GetAdaptersAddresses
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex

secur32

FreeCredentialsHandle
InitializeSecurityContextW
AcceptSecurityContext
DeleteSecurityContext
ApplyControlToken
QueryContextAttributesW
FreeContextBuffer
EncryptMessage
DecryptMessage
AcquireCredentialsHandleW
InitSecurityInterfaceW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

userenv

GetUserProfileDirectoryW

netapi32

NetApiBufferFree
NetShareEnum
NetWkstaGetInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeSetEvent
timeKillEvent
PlaySoundW

ws2_32

ntohl
getaddrinfo
freeaddrinfo
getnameinfo
getsockopt
__WSAFDIsSet
WSAAsyncSelect
htonl
WSACleanup
WSAStartup
gethostname
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
bind
closesocket
getpeername
getsockname
htons
listen
select
setsockopt
WSAGetLastError
WSAAccept

user32

SetClipboardViewer
ChangeClipboardChain
GetWindowThreadProcessId
AttachThreadInput
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
GetWindowLongW
SetWindowLongW
SetWindowLongPtrW
SetParent
GetWindow
DestroyCursor
DestroyIcon
MonitorFromPoint
GetAncestor
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
DestroyMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
UnregisterClassW
SetMenuItemInfoW
GetDisplayConfigBufferSizes
QueryDisplayConfig
PostMessageW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetSysColor
LoadIconW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterPowerSettingNotification
SendMessageW
RegisterPowerSettingNotification
GetKeyboardLayoutList
UpdateLayeredWindowIndirect
SystemParametersInfoW
GetDesktopWindow
GetCaretBlinkTime
IsHungAppWindow
EnumDisplayDevicesW
RegisterClassW
GetClipboardFormatNameW
RegisterClipboardFormatW
LoadImageW
GetParent
GetWindowLongPtrW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
GetClientRect
MessageBeep
InvalidateRect
ReleaseDC
GetDC
GetSystemMetrics
GetFocus
GetWindowPlacement
SetWindowPos
DestroyWindow
CreateWindowExW
RegisterClassExW
DisplayConfigGetDeviceInfo
GetClassInfoW
IsWindow
GetDoubleClickTime
DefWindowProcW
GetMenuItemInfoW

gdi32

DeleteDC
DescribePixelFormat
GetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
SelectObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetLayout
OffsetRgn
DeleteObject
CreateRectRgn
CombineRgn
SetPixelFormat
ChoosePixelFormat
GetDeviceCaps
CreateDCW
CreateBitmap
EnumFontFamiliesExW
ExtTextOutW
SetWorldTransform
SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetCharWidthI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetStockObject
GetDIBits
GdiFlush
CreateDIBSection
GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetFontData

shell32

SHGetKnownFolderPath
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
SHGetFileInfoW
SHGetStockIconInfo
ord727
ShellExecuteW

ole32

RevokeDragDrop
CoUninitialize
CoLockObjectExternal
CoInitialize
CoCreateInstance
DoDragDrop
CoGetMalloc
CoCreateGuid
CoInitializeEx
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
ReleaseStgMedium
CoTaskMemFree
OleUninitialize
OleInitialize
RegisterDragDrop

oleaut32

GetErrorInfo
SysFreeString
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
VariantInit
VariantClear
SetErrorInfo
SysStringLen

Sections

.text
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

52ccbe0bd796df128616fb77adc1cd54

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

dwmapi

imm32

wtsapi32

crypt32

bcrypt

dwrite

dnsapi

iphlpapi

secur32

winhttp

userenv

netapi32

version

winmm

ws2_32

user32

gdi32

shell32

ole32

oleaut32

Sections

.text Size: 8.0MB - Virtual size: 8.0MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 123KB - Virtual size: 225KB

.pdata Size: 383KB - Virtual size: 383KB

.qtmetad Size: 2KB - Virtual size: 1KB

.qtmimed Size: 326KB - Virtual size: 325KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 8.0MB - Virtual size: 8.0MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 123KB - Virtual size: 225KB

.pdata
Size: 383KB - Virtual size: 383KB

.qtmetad
Size: 2KB - Virtual size: 1KB

.qtmimed
Size: 326KB - Virtual size: 325KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 38KB - Virtual size: 38KB