MDE_File_Sample_e1f5b43b5a5feb40d557f6eb925b868a560a430c[.]zip

Resubmissions

27-03-2024 15:17

240327-sn4edsab21 8

27-03-2024 15:01

240327-sec6vaef54 8

27-03-2024 15:00

240327-sdj8rsef32 3

Sharing

Copy URL

Twitter E-mail

General

Target

MDE_File_Sample_e1f5b43b5a5feb40d557f6eb925b868a560a430c.zip
Size

46KB
MD5

9a639cdcc22bf377977232b95636d9de
SHA1

c160ed42bfcd1ca4581662fcc5c023a7c1946fe5
SHA256

bb7312ad8dba9f8436d783d46df5ce59a0255ecf113d68585c5bebf14671ab86
SHA512

d430d3080db5034952ef95e79046f5b633b43c20f0d2c7357908f64a9347066946e6a73b6c36cb56620d6f3d093b7db3746f7e1b4c10d089b845026c0c907090
SSDEEP

768:1aohavmnfUR2OHBgVYBbUZEnaQlglNnwLYKeMp/4ih/XGbbaq9Wo87ij+OPZ+Yly:8K3nfUR2uuZXQl8NnwzX/X2bHWoyS+CU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SSA-taxID-351788.exe

Files

MDE_File_Sample_e1f5b43b5a5feb40d557f6eb925b868a560a430c.zip
.zip

Password: infected
SSA-taxID-351788.zip
.zip
SSA-taxID-351788.exe
.exe windows:6 windows x86 arch:x86

7631a79a9071099fa4803e1c4c5df207

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\jmorgan\Source\cwcontrol\Misc\Bootstrapper\Release\ClickOnceRunner.pdb

Imports

crypt32

CertCreateCertificateContext
CertDeleteCertificateFromStore
CertOpenSystemStoreA
CryptMsgClose
CertFreeCertificateContext
CertAddCertificateContextToStore
CryptQueryObject
CertCloseStore
CryptMsgGetParam

kernel32

ReadFile
GetModuleFileNameW
SetFilePointer
LocalAlloc
CreateFileW
Sleep
LoadLibraryA
CloseHandle
GetProcAddress
LocalFree
WriteConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

7631a79a9071099fa4803e1c4c5df207

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB