Static task: static1
Behavioral task: behavioral1
  Sample: 0x000500000001e5eb-4.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0x000500000001e5eb-4.dll
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: launcher.bat
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: launcher.bat
  Resource: win10v2004-20240226-en
General
Target: 18032024_2349_0x000500000001e5eb-4.zip
Size: 1.6MB
MD5: 8f93f2fa9e1fb231d4849ac2c0ad3f8f
SHA1: ee5d1143a379a4e70c7d6ab9da862d61a15b83ff
SHA256: 4b61c613f3c8455574d52c2336cd2ebfc4c66f5a52b9f7665fc5d5e71fc8884e
SHA512: e96679bbe872110b1f080aba6f29bf9b69321efa637aed6f59bfea0cef5aa034825b79a7a379aadc89e41024d1227ee97b27826a0e8c37b21a77b2e394917671
SSDEEP: 49152:85ljIsu01+4Mt+Y3ACZERaTsVpuZ+3VxrbhXx9UXEZ2wMd:IL9Lg3APRaTCpc+3VxrbhB9UXHww
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: unpack001/0x000500000001e5eb-4.dll
Files
18032024_2349_0x000500000001e5eb-4.zip.zip (Password: infected)
0x000500000001e5eb-4.dll.dll, windows:5 windows x86 arch:x86 (Password: infected)
  702fbed3b6a22e8dbf1458c590a00c19
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL
Imports
gdi32: GetWinMetaFileBits, GetCharABCWidthsFloatA, GetPixelFormat, GetMetaFileA, StretchDIBits, EndDoc
crypt32: CryptSIPGetSignedDataMsg
oleaut32: SafeArrayAllocDescriptorEx
setupapi: SetupDiEnumDeviceInfo
advapi32: SaferSetLevelInformation, DeleteService, ImpersonateNamedPipeClient, RegCloseKey
ole32: SetConvertStg, HBITMAP_UserSize, CoRegisterInitializeSpy
winspool.drv: AddPrinterA, SetPortW, DeviceCapabilitiesA
secur32: EnumerateSecurityPackagesW
iphlpapi: IcmpSendEcho
wininet: FindFirstUrlCacheEntryExW, InternetAutodialHangup, InternetOpenA
ws2_32: select
clusapi: ClusterResourceControl
user32: PostQuitMessage, FindWindowExA, CallNextHookEx, ShowWindowAsync, CreateIconFromResourceEx, GetMenuDefaultItem, GetUpdateRgn, CreateWindowExA, SetWindowLongA
winmm: midiInReset, midiOutGetVolume, waveOutGetVolume, mciSendCommandW
version: GetFileVersionInfoW
shell32: ShellExecuteA, SHChangeNotify, FindExecutableA, ExtractIconExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHFileOperationW
imm32: ImmGetCompositionWindow, ImmDestroyContext
lz32: LZRead
mscms: OpenColorProfileA
kernel32: LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, CreateFileA, GetLocaleInfoA, CloseHandle, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, MultiByteToWideChar, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, FlushFileBuffers, LoadLibraryA, GetModuleFileNameA, VirtualAlloc, VirtualFree, HeapReAlloc, HeapAlloc, RtlUnwind, Process32FirstW, DeleteCriticalSection, VerLanguageNameA, LoadLibraryW, GetProcAddress, LoadLibraryExA, OutputDebugStringA, GetModuleHandleA, SetThreadPriorityBoost, UnhandledExceptionFilter, Sleep, GetLargestConsoleWindowSize, IsValidLocale, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetLastError, HeapFree, GetModuleHandleW, ExitProcess, SetFilePointer, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, SetLastError, InitializeCriticalSectionAndSpinCount, TlsGetValue, TlsSetValue, InterlockedIncrement, GetCurrentThreadId, InterlockedDecrement
Sections
.text  Size: 1.6MB - Virtual size: 1.6MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 12KB - Virtual size: 18KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 4KB - Virtual size: 1KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 8KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
launcher.bat