dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip
Size

452KB
MD5

aebb3e6c44bada8c0acab50617b79f78
SHA1

32a8617739642eab42e75cfe863b4f477444a35d
SHA256

f273d572dbbb5eced162ca1f2059088ed15005f57374968bf93cb01843a187d8
SHA512

b4a42f6ac66f07fe1cfd7a08a9f3d75abb240ed5598a5d03db955ec7f6eef008246eb3eecb522c931d48dfacfba5cbb42a34ae9287ddf15448e4f8fd69fc311b
SSDEEP

12288:bdJMHHakQY6dIxpRvWAvPzUTdeJL9yXX2r0uwCkK3g+dtSy:bdCJQY6dmLvWAvPgTSM2lwCH3gcSy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll

Files

dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip
.zip

Password: infected
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll
.dll windows:6 windows x86 arch:x86

Password: infected

55f1ba0b782341fa929d61651ef47f0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Jenkins\workspace\Osprey\Osprey_5.01\output\app\symbol\Win32\Release\TmopphDns.pdb

Imports

kernel32

WideCharToMultiByte
CreateDirectoryA
Sleep
LocalFree
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WriteConsoleW
GetProcAddress
ResetEvent
CloseHandle
LoadLibraryA
SetEvent
GetLastError
MultiByteToWideChar
OpenEventW
GetModuleFileNameW
GetShortPathNameW
SetLastError
OpenEventA
GetModuleFileNameA
GetShortPathNameA
EnterCriticalSection
GetVersionExA
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
FormatMessageW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetCurrentThread
GetFileAttributesExW
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
DeleteFileW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
OutputDebugStringW

advapi32

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsA
GetSecurityDescriptorSacl
SetEntriesInAclA
GetSecurityDescriptorDacl
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorA
TraceMessage
GetNamedSecurityInfoA
SetSecurityInfo
ConvertStringSidToSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

TmphCreateCtx
TmphCreateCtxEx
TmphDisconnectAllSessions
TmphExit
TmphFreeContext
GetModuleProp
TmphInit
TmphIsSupport
GetModul
GetModuleP
HetModuleProp
GetModulePro

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

55f1ba0b782341fa929d61651ef47f0c

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 209KB - Virtual size: 209KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 209KB - Virtual size: 209KB

.reloc
Size: 21KB - Virtual size: 21KB