dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip
Size

452KB
MD5

6b2bdc5f691431e0723f65564ad1a90d
SHA1

91b4f2979d052195e9cf59c6384024089d401779
SHA256

6246f43bd1a5ef67db2a2170cf12bef8bfbbcc58f3f9a9072832d3ac20729a42
SHA512

d83263aa4a5357622e7c54cbb6b15d9f2e482c5ae11411ac6db7036afe8b242b096d4c50cb7dcf8022636df1fafdb5d881c0b01833a460a43da12c32b9a6d50d
SSDEEP

12288:YVTvsFnSbOjlDmzCO7WhezdBNBKQuy5jXA9a6odd:YVTF6pV6gWdjBnQ6d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll

Files

dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip
.zip

Password: infected
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll
.dll windows:6 windows x86 arch:x86

Password: infected

55f1ba0b782341fa929d61651ef47f0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Jenkins\workspace\Osprey\Osprey_5.01\output\app\symbol\Win32\Release\TmopphDns.pdb

Imports

kernel32

WideCharToMultiByte
CreateDirectoryA
Sleep
LocalFree
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WriteConsoleW
GetProcAddress
ResetEvent
CloseHandle
LoadLibraryA
SetEvent
GetLastError
MultiByteToWideChar
OpenEventW
GetModuleFileNameW
GetShortPathNameW
SetLastError
OpenEventA
GetModuleFileNameA
GetShortPathNameA
EnterCriticalSection
GetVersionExA
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
FormatMessageW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetCurrentThread
GetFileAttributesExW
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
DeleteFileW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
OutputDebugStringW

advapi32

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsA
GetSecurityDescriptorSacl
SetEntriesInAclA
GetSecurityDescriptorDacl
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorA
TraceMessage
GetNamedSecurityInfoA
SetSecurityInfo
ConvertStringSidToSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

TmphCreateCtx
TmphCreateCtxEx
TmphDisconnectAllSessions
TmphExit
TmphFreeContext
GetModuleProp
TmphInit
TmphIsSupport
GetModul
GetModuleP
HetModuleProp
GetModulePro

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

55f1ba0b782341fa929d61651ef47f0c

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 209KB - Virtual size: 209KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 209KB - Virtual size: 209KB

.reloc
Size: 21KB - Virtual size: 21KB