Static task: static1
Behavioral task: behavioral1
Sample: dfe1abe2c591590f0f3b931aa439e966c380d5fdc6a9e74e6012f47f53eca699.exe
Resource: win7-20240220-en
General
Target: dfe1abe2c591590f0f3b931aa439e966c380d5fdc6a9e74e6012f47f53eca699.zip
Size: 671KB
MD5: 1e15c110d0dbfd9f9d4c74d864e8738f
SHA1: cfa0e5d653b36f1e37281462d3b39212c29996f9
SHA256: 20532cbe261d656f0e8a231aa19d5bef7de00fa9fcdb38dfc253ec45c91f3009
SHA512: 87d4cf0bc96528ee818f939ab2511bd573cf5817ff4351030b60faed50cc72c44299920a7f1872875cf1ce78db7a673ac67b8f4e604b48a640f940d0c0f46f1c
SSDEEP: 12288:elPna5mHKxthV/97VdiIddAi02A7HNjvBSj1qCWyQJH:eNna5mqhhdAiW7HZgWxH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/dfe1abe2c591590f0f3b931aa439e966c380d5fdc6a9e74e6012f47f53eca699.exe
Files
dfe1abe2c591590f0f3b931aa439e966c380d5fdc6a9e74e6012f47f53eca699.zip (Password: infected)
dfe1abe2c591590f0f3b931aa439e966c380d5fdc6a9e74e6012f47f53eca699.exe windows:5 windows x64 arch:x64 (Password: infected)
a638f6b413d02de0f382750aa46eeb04
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
ExitProcess
VirtualProtect
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapQueryInformation
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
lstrcmpiW
GetStringTypeExW
FileTimeToSystemTime
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFlags
GlobalGetAtomNameW
lstrlenA
lstrcmpA
GetCurrentProcessId
WideCharToMultiByte
FormatMessageW
LocalFree
lstrlenW
CompareStringW
LoadLibraryA
lstrcmpW
MultiByteToWideChar
GetVersionExA
ExitThread
ReadFile
GetFileSize
CreateProcessW
GetShortPathNameW
CreateThread
TerminateProcess
SetPriorityClass
GetPriorityClass
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetWindowsDirectoryW
GetCurrentProcess
GetModuleFileNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
GetLastError
SetLastError
MulDiv
GetVersionExW
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
FreeResource
GetModuleHandleW
IsBadReadPtr
ReadProcessMemory
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualQueryEx
GetSystemInfo
OpenProcess
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
VirtualAlloc
CloseHandle
CreateFileW
RtlCaptureContext
user32
PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
GetSysColorBrush
UnregisterClassW
CharUpperW
CharNextW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
GetClassLongPtrW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
UpdateWindow
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
SetWindowLongW
SystemParametersInfoA
GetWindowTextLengthW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
PostMessageW
EnumChildWindows
IsWindowEnabled
GetWindowTextW
EnumWindows
GetWindowThreadProcessId
SetForegroundWindow
TranslateMDISysAccel
DrawIcon
IsIconic
SetRectEmpty
ReleaseCapture
SetFocus
SetCapture
PtInRect
GetCursorPos
IsChild
GetFocus
MenuItemFromPoint
EndPaint
BeginPaint
ValidateRect
DefWindowProcW
DrawMenuBar
SetMenu
DestroyMenu
CallNextHookEx
SetPropW
GetClassNameW
CallWindowProcW
RemovePropW
GetPropW
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetLayeredWindowAttributes
SetWindowLongPtrW
IntersectRect
CreatePopupMenu
DeleteMenu
RedrawWindow
ClientToScreen
IsRectEmpty
GetMenuState
LoadMenuW
GetDesktopWindow
ModifyMenuW
AppendMenuW
GetMenuDefaultItem
DrawFocusRect
DrawEdge
GetMessagePos
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
InflateRect
DrawStateW
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
GetMenuItemID
GetSubMenu
GetSystemMenu
GetMenu
WindowFromDC
GetMenuInfo
GetKeyNameTextW
MapVirtualKeyW
CopyAcceleratorTableW
DestroyIcon
GetIconInfo
CopyImage
FillRect
GetWindowLongPtrW
OffsetRect
GetWindowRect
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
LoadAcceleratorsW
WindowFromPoint
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemRect
SetMenuInfo
IsMenu
GetWindowDC
IsWindowVisible
SetMenuItemBitmaps
GetMenuItemCount
GetWindowLongW
GetSystemMetrics
CopyRect
SetRect
LoadBitmapW
SetTimer
SetWindowPlacement
GetWindowPlacement
MoveWindow
GetWindow
IsDialogMessageW
IsWindow
GetMessageW
ShowWindow
SetWindowTextW
CreateDialogParamW
EndDialog
InvalidateRect
TrackMouseEvent
SetCursor
ShowCursor
GetSysColor
LoadCursorW
SetDlgItemTextW
GetParent
GetDlgItemTextW
LoadIconW
ReleaseDC
GetDC
wsprintfW
GetClientRect
SetWindowPos
CreateWindowExW
SendMessageW
EnableWindow
DispatchMessageW
TranslateMessage
SetParent
gdi32
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
LineTo
ExtSelectClipRgn
GetStockObject
GetMapMode
GetBkColor
GetRgnBox
ExcludeClipRect
IntersectClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
PatBlt
DPtoLP
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
DeleteObject
SetBrushOrgEx
UnrealizeObject
Rectangle
PtVisible
RectVisible
Escape
RoundRect
GetNearestColor
SetWindowOrgEx
CreateSolidBrush
CreatePatternBrush
CreateCompatibleBitmap
GetTextColor
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
MoveToEx
SetTextAlign
GetLayout
CreateFontIndirectW
GetTextMetricsW
GetTextAlign
GetCurrentObject
SetPixel
GetPixel
SetBkColor
CreateBitmap
GetObjectW
GetDeviceCaps
TextOutW
GetTextExtentPoint32W
CreatePen
CreateFontW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateRectRgn
comdlg32
GetSaveFileNameW
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegSetValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
shell32
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
DragFinish
DragQueryFileW
comctl32
ImageList_GetIconSize
ImageList_Create
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
shlwapi
PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW
oledlg
OleUIBusyW
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromProgID
oleaut32
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
psapi
EnumProcesses
GetModuleInformation
GetModuleFileNameExW
EnumProcessModules
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 515KB - Virtual size: 515KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 209KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 17KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 523KB - Virtual size: 523KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ