5a563e7b4523310c4cacd24956ef84f0af27a3cb6457d662da1db29d48918add[.]zip

General

Target

5a563e7b4523310c4cacd24956ef84f0af27a3cb6457d662da1db29d48918add.zip
Size

526KB
MD5

68bde9599e594d70e5dc612efd073687
SHA1

65bd0838f40e985712b81738aba2b6fa5650dc55
SHA256

359c8b210c85133c39e48b0ad41b8a28f215045420fb061348d9773ef33b7f2a
SHA512

6c3701c2fae348bdb876e4d8feaa0816c467635d4c566c726276ba5032daa22d109d19ed8e9763af54b1490028e63f6519ddbc2c0818ffabcfa97eaa378c0c86
SSDEEP

12288:pCJ/cTO9APFvl8QShaBG5YnvVZVnQJQQV+qxKi20HHyN:pGcRPFWGBRDVWQ8PHHyN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5a563e7b4523310c4cacd24956ef84f0af27a3cb6457d662da1db29d48918add

Files

5a563e7b4523310c4cacd24956ef84f0af27a3cb6457d662da1db29d48918add.zip
.zip

Password: infected
5a563e7b4523310c4cacd24956ef84f0af27a3cb6457d662da1db29d48918add
.exe windows:5 windows x86 arch:x86

bacf580b782aa0455ef48a6a3c2483fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

azroles

AzCloseHandle
AzGetProperty
AzGroupCreate
AzGroupDelete
AzFreeMemory

cmpbk32

PhoneBookEnumNumbers
PhoneBookLoad
PhoneBookEnumCountries

kernel32

SetLastError
GetFileAttributesW
LoadLibraryA
GetModuleFileNameA
GetModuleHandleW
GetLogicalDriveStringsA
GetProcAddress
CreateMailslotW
GetCommandLineA
CreateFileA
MoveFileExW
MapViewOfFile
GetTickCount
WaitForSingleObject
CreateJobObjectW

user32

LoadCursorA
PeekMessageA
LoadIconA
CharToOemW
LoadStringW
GetClassLongW
LoadMenuW
IsDialogMessageW
LoadBitmapA
InsertMenuW
GetPropA

shimeng

SE_InstallBeforeInit
SE_DllLoaded
SE_ProcessDying

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 525KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

bacf580b782aa0455ef48a6a3c2483fd

Headers

DLL Characteristics

File Characteristics

Imports

azroles

cmpbk32

kernel32

user32

shimeng

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 525KB - Virtual size: 524KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 525KB - Virtual size: 524KB

.rsrc
Size: 3KB - Virtual size: 3KB