16223378993[.]zip

Resubmissions

26/03/2024, 17:01

240326-vjqzlseh72 3

Sharing

Copy URL

Twitter E-mail

General

Target

16223378993.zip
Size

9.0MB
MD5

8eb4021ee3b9c45634e15be9daa7ca28
SHA1

ee390103f4196c97f451ae1f72941fe1e137a399
SHA256

246bbd916e1f8643e777d3f77975382e90cbf3049a729d7dc7b7b57b72ea69cf
SHA512

428ff188bc8df2ffcf94e5ca01d50084f254df2812075e12f98247ed4435c14c6e6b7d1c51fb734e78f40e11ee8506f89d879395e913a932018c3afbe4e70a98
SSDEEP

196608:1MqGU1x+6r4qh5ZIW5w6oEKv66zuMXmYhr10dsxE:h9s6r4qh3BYEFGuibiaxE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0bff034bc7f52f7bf660635e0ab3183192b900cefba34be9d9a869ac90b5cde5

Files

16223378993.zip
.zip

Password: infected
0bff034bc7f52f7bf660635e0ab3183192b900cefba34be9d9a869ac90b5cde5
.dll windows:5 windows x86 arch:x86

de2543f498b9b9d1f4116ee97a5a31dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

shell32

Shell_NotifyIconW

ole32

IsEqualGUID

version

GetFileVersionInfoSizeW

user32

CopyImage

oleaut32

GetErrorInfo

netapi32

NetWkstaGetInfo

advapi32

RegSetValueExW

gdi32

Pie

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
rurwpsajfmdp

Sections

H[^ran8C
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

y!uC!S<?
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGz"8[D+
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

L$&S&wA5
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oR.P9TxG
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zF[CV4Ye
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

-X(;/A-)
Size: - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_xzVBp]B
Size: - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

I2pdbHiI
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

)PB&r>`U
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

duFum+CN
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

`&\i(j10
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

de2543f498b9b9d1f4116ee97a5a31dc

Headers

File Characteristics

Imports

kernel32

winspool.drv

comctl32

shell32

ole32

version

user32

oleaut32

netapi32

advapi32

gdi32

Exports

Exports

Sections

H[^ran8C Size: - Virtual size: 3.0MB

y!uC!S<? Size: - Virtual size: 13KB

DGz"8[D+ Size: - Virtual size: 65KB

L$&S&wA5 Size: - Virtual size: 29KB

oR.P9TxG Size: - Virtual size: 13KB

zF[CV4Ye Size: - Virtual size: 2KB

-X(;/A-) Size: - Virtual size: 177B

_xzVBp]B Size: - Virtual size: 69B

I2pdbHiI Size: - Virtual size: 4.7MB

)PB&r>`U Size: 3KB - Virtual size: 2KB

duFum+CN Size: 9.3MB - Virtual size: 9.3MB

`&\i(j10 Size: 2KB - Virtual size: 1KB

H[^ran8C
Size: - Virtual size: 3.0MB

y!uC!S<?
Size: - Virtual size: 13KB

DGz"8[D+
Size: - Virtual size: 65KB

L$&S&wA5
Size: - Virtual size: 29KB

oR.P9TxG
Size: - Virtual size: 13KB

zF[CV4Ye
Size: - Virtual size: 2KB

-X(;/A-)
Size: - Virtual size: 177B

_xzVBp]B
Size: - Virtual size: 69B

I2pdbHiI
Size: - Virtual size: 4.7MB

)PB&r>`U
Size: 3KB - Virtual size: 2KB

duFum+CN
Size: 9.3MB - Virtual size: 9.3MB

`&\i(j10
Size: 2KB - Virtual size: 1KB