8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.zip
Size

2.2MB
MD5

b483cffe2d17f81ffd54949dd5841211
SHA1

0eac819ad1653e9e2a4c792256a2e58f6906dcd9
SHA256

2c39eb618817887c6b8a2e406658e836df7fe521b035b4c8000ee203f6b71b60
SHA512

253cc02f162f59990520581ad02a637d2a721e36676e2f1421ebb6bb29180b3a6d327f06b0ad23e3781cd8c5f3f7068ce00658784aeeef065043c27438c68b09
SSDEEP

49152:wxXNl3ZAj/17gP3nBcsC8ECqGD1wWNf9q:ql3ZAB03nBrYZkc

Score

8^/10

dave

Malware Config

Signatures

Dave packer 1 IoCs

Detects executable using a packer named 'Dave' by the community, based on a string at the end.

dave

resource	yara_rule
static1/unpack001/8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.exe	dave

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.exe

Files

8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.zip
.zip

Password: infected
8a2edeef9978d454882bfb233d9cd77505618b854f7899b27aeb095ff8ebb3f4.exe
.exe windows:5 windows x86 arch:x86

Password: infected

6f943e21ca738d0e719e4ef6cfd41587

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\msi\Git\MxMSI_Src\_MsiBuildSystem\bin\SfxMaker\stub_Release_Win32_v120_xp.pdb

Imports

kernel32

lstrcmpA
lstrcmpW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
LoadLibraryA
EncodePointer
GlobalFindAtomW
GetFileSizeEx
GetFileTime
SystemTimeToFileTime
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
DuplicateHandle
GetStringTypeExW
GetThreadLocale
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
SetErrorMode
GetUserDefaultLCID
RtlUnwind
CreateThread
ExitThread
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
AreFileApisANSI
IsDebuggerPresent
IsProcessorFeaturePresent
SetStdHandle
GetFileType
HeapQueryInformation
GetSystemInfo
VirtualProtect
VirtualQuery
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalDeleteAtom
IsValidCodePage
GetOEMCP
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadConsoleW
OutputDebugStringW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
SetEnvironmentVariableA
LoadLibraryExW
GetCurrentThread
FreeResource
LocalReAlloc
LocalAlloc
EnterCriticalSection
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
GetACP
MulDiv
GetVersion
FindResourceExW
lstrlenA
CreateProcessW
GetEnvironmentVariableW
LoadLibraryW
FreeLibrary
EnumResourceNamesW
SetFilePointerEx
FlushFileBuffers
ResumeThread
SuspendThread
GetThreadPriority
SetThreadPriority
GetDriveTypeW
GetCommandLineW
FormatMessageW
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
LCMapStringA
GetStringTypeExA
FormatMessageA
WaitForSingleObjectEx
CreateEventA
CreateSemaphoreA
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
Sleep
GetExitCodeProcess
GetDiskFreeSpaceExW
MapViewOfFileEx
GetFileAttributesExW
GetFileAttributesW
GetModuleFileNameW
CreateFileMappingW
UnmapViewOfFile
GetCurrentProcess
GetUserDefaultLangID
GetUserDefaultUILanguage
GetLocaleInfoW
FindResourceW
SizeofResource
LoadResource
LockResource
WaitForMultipleObjects
GetStdHandle
GetFileInformationByHandle
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
SetFilePointer
SetEndOfFile
ReadFile
WriteFile
GetFileSize
FindNextFileW
FindFirstFileW
GetModuleHandleA
GetLogicalDriveStringsW
FindClose
MoveFileW
DeleteFileW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetSystemDirectoryW
GetModuleHandleW
SetFileTime
SetLastError
GetProcAddress
FileTimeToLocalFileTime
CreateSemaphoreW
CreateEventW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetLastError
GetVersionExW
VirtualFree
VirtualAlloc
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
TerminateProcess

user32

RealChildWindowFromPoint
IntersectRect
GetSysColorBrush
DestroyMenu
SetWindowTextW
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetClassLongW
SetWindowLongW
EqualRect
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
GetClassInfoExW
GetClassInfoW
CallWindowProcW
DefWindowProcW
GetMessagePos
GetWindowTextLengthW
SetFocus
IsDialogMessageW
MessageBeep
GetNextDlgGroupItem
IsChild
SetWindowContextHelpId
WindowFromPoint
GetLastActivePopup
MessageBoxW
LoadStringW
LoadStringA
PostQuitMessage
CallNextHookEx
SetWindowsHookExW
ValidateRect
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
ClientToScreen
EndPaint
CharNextW
OffsetRect
SetCapture
ReleaseCapture
CopyAcceleratorTableW
InvalidateRgn
SetRect
RegisterClipboardFormatW
PostThreadMessageW
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
GetMessageTime
DrawTextW
UnhookWindowsHookEx
GetMenuItemCount
GetMenuItemID
GetSubMenu
SendDlgItemMessageA
PtInRect
IsRectEmpty
DrawFrameControl
ShowCaret
HideCaret
GetCursorPos
SetCursor
GetWindow
GetParent
GetWindowLongW
MapWindowPoints
GetWindowTextW
GetForegroundWindow
FlashWindowEx
CreateWindowExW
FillRect
GetSysColor
SystemParametersInfoW
InvalidateRect
DeleteMenu
GetSystemMenu
KillTimer
SetTimer
GetKeyState
SetDlgItemTextW
InflateRect
CopyRect
RedrawWindow
GetFocus
TrackMouseEvent
ScreenToClient
GetClientRect
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
IsWindow
GetWindowThreadProcessId
GetClassNameW
MsgWaitForMultipleObjects
PeekMessageW
IsWindowVisible
UnregisterClassW
MapDialogRect
LoadIconW
LoadCursorW
GetWindowRect
ReleaseDC
GetDC
DefDlgProcW
RegisterClassW
ReplyMessage
RegisterWindowMessageW
LoadImageW
GetSystemMetrics
PostMessageW
SendMessageW
EnableWindow
DestroyIcon
CharUpperW
GetTopWindow
AllowSetForegroundWindow

gdi32

SetWindowExtEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetBkColor
SetViewportExtEx
GetRgnBox
SetMapMode
ExtTextOutW
TextOutW
SetTextColor
GetTextColor
DeleteObject
SetBkColor
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateBitmap
OffsetViewportOrgEx
SetViewportOrgEx
CreateFontIndirectW
GetDeviceCaps
GetObjectW
SelectObject
CreateSolidBrush

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegDeleteValueW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHOpenFolderAndSelectItems
SHParseDisplayName
SHGetSpecialFolderPathW
SHCreateItemFromParsingName
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
ord165
ShellExecuteW

comctl32

ord413
ord410
InitCommonControlsEx
ord412

shlwapi

UrlCreateFromPathW
PathCreateFromUrlAlloc
UrlIsW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW

ole32

CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
StgCreateDocfileOnILockBytes
OleUninitialize
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter

oleaut32

OleCreateFontIndirect
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
VariantCopy
VariantInit
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy

oledlg

OleUIBusyW

msi

ord118
ord48
ord92
ord160
ord32
ord8
ord159

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6f943e21ca738d0e719e4ef6cfd41587

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

msi

oleacc

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 271KB - Virtual size: 270KB

.data Size: 47KB - Virtual size: 90KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 2.6MB - Virtual size: 2.6MB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 271KB - Virtual size: 270KB

.data
Size: 47KB - Virtual size: 90KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 76KB - Virtual size: 75KB