d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.zip
Size

219KB
MD5

d6491bd913bf9ee36fb5d840c09b32d9
SHA1

9836b690a855295b21380c4e3c45fd07509fff1e
SHA256

ea28962af1af27a7300b82d8d63da8586bcc175fbf4502b769eefcfa5c258ac7
SHA512

8623ff76842a5ced31c8800546259c2e57f24f05e0656f37ae9643b3aeddc3156a4a66a0c87345f027258822f0d420b9b66388198750bd9c0d30ff208934e9ca
SSDEEP

3072:vyQq9aAz8MufkJ2r0VwsljJJBQ0584qI3IQodEjViwI5Y8iurXQsa3AIWmxs+L5y:apayvAEQ8KX4s3mRIu8hQ33AIWMKWVE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.exe

Files

d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.zip
.zip

Password: infected
d8d4a25dd484e96413ff9530e93621af5c53e96cf2b0435968f5fc72dad85d9b.exe
.exe windows:4 windows x86 arch:x86

Password: infected

4892bde54ba49bdd44b23194685a68ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
CreateToolhelp32Snapshot
MapUserPhysicalPages
WaitForSingleObject
FindResourceExA
GetModuleHandleA
Sleep
CreateActCtxA
OutputDebugStringA
VirtualAlloc
GetCurrentProcessId
VirtualQuery
VirtualUnlock
GetLastError
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
SetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
LocalFree
FormatMessageA
GlobalUnlock
GlobalAlloc
GlobalFree
FreeResource
GetProcAddress
FreeLibrary
lstrcmpA
LoadLibraryA
GetLocaleInfoA
EnumResourceLanguagesA
GetModuleFileNameA
ConvertDefaultLocale
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomA
CloseHandle
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetModuleFileNameW
InterlockedDecrement
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
GetThreadLocale
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
CreateFileA
GetCPInfo
GetOEMCP
SetErrorMode
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
ExitProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
SetHandleCount
GetFileType
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetVersion
InterlockedExchange
lstrlenA
CompareStringA
MulDiv

user32

GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetWindowTextLengthA
SetFocus
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetCapture
WinHelpA
SendDlgItemMessageA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
BeginPaint
EndPaint
IsDialogMessageA
ShowWindow
LoadCursorA
DestroyMenu
UnregisterClassA
MapWindowPoints
PtInRect
DefWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ReleaseDC
CopyRect
GetWindowThreadProcessId
GetLastActivePopup
SetCursor
PostMessageA
PostQuitMessage
GetDesktopWindow
CreateDialogIndirectParamA
IsWindow
GetWindowLongA
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
SetActiveWindow
GetDlgCtrlID
GetClientRect
GetForegroundWindow
SetForegroundWindow
IsDlgButtonChecked
ShowCursor
GetNextDlgTabItem
GetDC
RegisterClipboardFormatA
GetClassLongA
GetMenu
DrawFocusRect
SetRect
GetParent
CallWindowProcA
GetFocus
ClientToScreen
UpdateWindow
SetWindowTextA
GetCursorPos
GetDlgItem
GetSysColor
AdjustWindowRectEx
GetSystemMetrics
EnableWindow
IsIconic
DrawIcon
LoadIconA
GetActiveWindow
MessageBoxA
GetSysColorBrush
SendMessageA
SetClassLongA
GetWindowRect
GetWindowTextA
HideCaret
GetDCEx
UnionRect
DestroyWindow
LockWindowUpdate
AttachThreadInput
IsWindowEnabled

gdi32

GetStockObject
CreateBitmap
GetClipBox
SetBkColor
GetObjectA
SaveDC
RestoreDC
RectVisible
DeleteObject
TextOutA
ExtTextOutA
Escape
DeleteDC
SetMapMode
GetDeviceCaps
SetWindowExtEx
CombineRgn
SetBkMode
CreateEllipticRgn
SetTextColor
SetAbortProc
StartPage
ScaleWindowExtEx
PtVisible
SetViewportOrgEx
ScaleViewportExtEx
SelectObject
SetViewportExtEx
OffsetViewportOrgEx

shell32

ShellExecuteA

ole32

OleInitialize
OleGetClipboard
CoTaskMemFree
StgCreateDocfile
CoGetClassObject
CreateItemMoniker
StgOpenStorage
GetRunningObjectTable
OleUninitialize
CoInitialize

oleaut32

VariantChangeType
UnRegisterTypeLi
VariantClear
VariantInit

comctl32

FlatSB_SetScrollInfo
ord412
FlatSB_SetScrollProp
ImageList_Merge
FlatSB_ShowScrollBar
FlatSB_GetScrollRange
FlatSB_SetScrollPos

shlwapi

StrRetToStrA
PathCompactPathA
PathFindExtensionA
PathFindFileNameA
StrTrimA

ws2_32

WSAStartup

netapi32

NetWkstaUserGetInfo

avifil32

AVIStreamGetFrameClose
AVIStreamLength
AVIMakeCompressedStream
AVISaveOptions
AVIStreamStart

odbc32

ord41

pdh

PdhCreateSQLTablesW
PdhEnumLogSetNamesW

rpcrt4

UuidCreateNil

imm32

ImmGetDefaultIMEWnd

setupapi

SetupDiGetClassDevsA

dxva2

GetMonitorDisplayAreaSize
GetMonitorRedGreenOrBlueGain

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4892bde54ba49bdd44b23194685a68ec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

shlwapi

ws2_32

netapi32

avifil32

odbc32

pdh

rpcrt4

imm32

setupapi

dxva2

winspool.drv

advapi32

Sections

.text Size: 204KB - Virtual size: 203KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 160KB - Virtual size: 158KB

.text
Size: 204KB - Virtual size: 203KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 160KB - Virtual size: 158KB