2fb3da959196da5f5972b40e0e7a57571a42f4972a57f586d43318caedcde56d[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

2fb3da959196da5f5972b40e0e7a57571a42f4972a57f586d43318caedcde56d.zip
Size

671KB
MD5

cd74d2071b75be08cc8a9d4d521d8bdd
SHA1

ba0a156a84146b3d7de7801cbef6d726266c3c6d
SHA256

cc9cda7c69f80fa63ea624f3d8850d4efd4c95397474b735a912592bb2b72d11
SHA512

372f3510513f4986445aaf74a32e9c161c16689b117585d27a9cc55a2c2402e09bdd2a3f0148c4a6ebfa11658aea659b6528d9f888488f1af5a2b9edc8d80225
SSDEEP

12288:XUFEQnVlx/tGHfaSAQyGoJKyxY+kCzFRulJeU4Y7f5TyDnLF54/o:kbtGHfaeyG/lJz4YVmD57

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/2fb3da959196da5f5972b40e0e7a57571a42f4972a57f586d43318caedcde56d.exe

Files

2fb3da959196da5f5972b40e0e7a57571a42f4972a57f586d43318caedcde56d.zip
.zip

Password: infected
2fb3da959196da5f5972b40e0e7a57571a42f4972a57f586d43318caedcde56d.exe
.exe windows:5 windows x64 arch:x64

Password: infected

a638f6b413d02de0f382750aa46eeb04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess
VirtualProtect
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapQueryInformation
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
lstrcmpiW
GetStringTypeExW
FileTimeToSystemTime
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalFlags
GlobalGetAtomNameW
lstrlenA
lstrcmpA
GetCurrentProcessId
WideCharToMultiByte
FormatMessageW
LocalFree
lstrlenW
CompareStringW
LoadLibraryA
lstrcmpW
MultiByteToWideChar
GetVersionExA
ExitThread
ReadFile
GetFileSize
CreateProcessW
GetShortPathNameW
CreateThread
TerminateProcess
SetPriorityClass
GetPriorityClass
Sleep
HeapAlloc
GetProcessHeap
HeapFree
GetWindowsDirectoryW
GetCurrentProcess
GetModuleFileNameW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetCurrentThreadId
GetTickCount
GetLastError
SetLastError
MulDiv
GetVersionExW
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
FreeResource
GetModuleHandleW
IsBadReadPtr
ReadProcessMemory
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualQueryEx
GetSystemInfo
OpenProcess
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
VirtualAlloc
CloseHandle
CreateFileW
RtlCaptureContext

user32

PostQuitMessage
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
GetSysColorBrush
UnregisterClassW
CharUpperW
CharNextW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
GetClassLongPtrW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
UpdateWindow
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetDlgCtrlID
SetWindowLongW
SystemParametersInfoA
GetWindowTextLengthW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
PostMessageW
EnumChildWindows
IsWindowEnabled
GetWindowTextW
EnumWindows
GetWindowThreadProcessId
SetForegroundWindow
TranslateMDISysAccel
DrawIcon
IsIconic
SetRectEmpty
ReleaseCapture
SetFocus
SetCapture
PtInRect
GetCursorPos
IsChild
GetFocus
MenuItemFromPoint
EndPaint
BeginPaint
ValidateRect
DefWindowProcW
DrawMenuBar
SetMenu
DestroyMenu
CallNextHookEx
SetPropW
GetClassNameW
CallWindowProcW
RemovePropW
GetPropW
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetLayeredWindowAttributes
SetWindowLongPtrW
IntersectRect
CreatePopupMenu
DeleteMenu
RedrawWindow
ClientToScreen
IsRectEmpty
GetMenuState
LoadMenuW
GetDesktopWindow
ModifyMenuW
AppendMenuW
GetMenuDefaultItem
DrawFocusRect
DrawEdge
GetMessagePos
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
InflateRect
DrawStateW
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
GetMenuItemID
GetSubMenu
GetSystemMenu
GetMenu
WindowFromDC
GetMenuInfo
GetKeyNameTextW
MapVirtualKeyW
CopyAcceleratorTableW
DestroyIcon
GetIconInfo
CopyImage
FillRect
GetWindowLongPtrW
OffsetRect
GetWindowRect
InsertMenuItemW
BringWindowToTop
TranslateAcceleratorW
LoadAcceleratorsW
WindowFromPoint
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetMenuItemRect
SetMenuInfo
IsMenu
GetWindowDC
IsWindowVisible
SetMenuItemBitmaps
GetMenuItemCount
GetWindowLongW
GetSystemMetrics
CopyRect
SetRect
LoadBitmapW
SetTimer
SetWindowPlacement
GetWindowPlacement
MoveWindow
GetWindow
IsDialogMessageW
IsWindow
GetMessageW
ShowWindow
SetWindowTextW
CreateDialogParamW
EndDialog
InvalidateRect
TrackMouseEvent
SetCursor
ShowCursor
GetSysColor
LoadCursorW
SetDlgItemTextW
GetParent
GetDlgItemTextW
LoadIconW
ReleaseDC
GetDC
wsprintfW
GetClientRect
SetWindowPos
CreateWindowExW
SendMessageW
EnableWindow
DispatchMessageW
TranslateMessage
SetParent

gdi32

GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
LineTo
ExtSelectClipRgn
GetStockObject
GetMapMode
GetBkColor
GetRgnBox
ExcludeClipRect
IntersectClipRect
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
PatBlt
DPtoLP
SelectClipRgn
CreateRectRgnIndirect
CombineRgn
DeleteObject
SetBrushOrgEx
UnrealizeObject
Rectangle
PtVisible
RectVisible
Escape
RoundRect
GetNearestColor
SetWindowOrgEx
CreateSolidBrush
CreatePatternBrush
CreateCompatibleBitmap
GetTextColor
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
MoveToEx
SetTextAlign
GetLayout
CreateFontIndirectW
GetTextMetricsW
GetTextAlign
GetCurrentObject
SetPixel
GetPixel
SetBkColor
CreateBitmap
GetObjectW
GetDeviceCaps
TextOutW
GetTextExtentPoint32W
CreatePen
CreateFontW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateRectRgn

comdlg32

GetSaveFileNameW
GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteKeyW
OpenProcessToken
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
DragFinish
DragQueryFileW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Add
InitCommonControlsEx
ImageList_Destroy

shlwapi

PathFindExtensionW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString

psapi

EnumProcesses
GetModuleInformation
GetModuleFileNameExW
EnumProcessModules

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a638f6b413d02de0f382750aa46eeb04

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

psapi

version

Sections

.text Size: 515KB - Virtual size: 515KB

.rdata Size: 209KB - Virtual size: 208KB

.data Size: 17KB - Virtual size: 42KB

.pdata Size: 34KB - Virtual size: 33KB

.rsrc Size: 523KB - Virtual size: 523KB

.text
Size: 515KB - Virtual size: 515KB

.rdata
Size: 209KB - Virtual size: 208KB

.data
Size: 17KB - Virtual size: 42KB

.pdata
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 523KB - Virtual size: 523KB