cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41.zip
Size

1.1MB
MD5

5370e72c2f8f79a4d64dc4469eee2c57
SHA1

f6fd46c5f604b1690a7d016f5bb224f469ce6316
SHA256

56122dfa8ce21769d012c5787c3473fa07ebb5e34bcc1b3615ec1923549a39ea
SHA512

e260d5267aaec12e56c2a1595f22691b856b84efc97336e84f85015296ee75a5fcf583f2c715f0af2aeef5f4ee620974f6bad692a0860d1df87e5f829ee3ea37
SSDEEP

24576:hufjUWTMNhYvUNDOkv07xg4T5UNXUtm+EQCXEl4Vb+yRK0AiSPCG:QfjUWuyvUAkvExvTuXZQCUQ+Xt3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41.exe

Files

cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41.zip
.zip

Password: infected
cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41.exe
.exe windows:6 windows x64 arch:x64

Password: infected

4cd0855d8262939d4ac1c7b198fc51bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetFileTime
GetShortPathNameW
GetVolumeInformationW
SetEndOfFile
SetFilePointer
SetFileValidData
UnlockFileEx
GetVolumeNameForVolumeMountPointW
GetCompressedFileSizeW
AreFileApisANSI
SetFileApisToANSI
EncodePointer
DecodePointer
EncodeSystemPointer
DecodeSystemPointer
SetHandleInformation
SetLastError
DisconnectNamedPipe
PeekNamedPipe
GetNamedPipeInfo
GetNamedPipeHandleStateW
CreateIoCompletionPort
PostQueuedCompletionStatus
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReleaseSemaphore
ReleaseMutex
CancelWaitableTimer
GetProcessTimes
GetCurrentProcessId
GetExitCodeProcess
GetCurrentThread
GetThreadPriorityBoost
GetThreadPriority
GetExitCodeThread
GetProcessVersion
SetPriorityClass
GetPriorityClass
GetProcessId
GetThreadContext
FlushInstructionCache
GetThreadTimes
OpenProcess
GetProcessHandleCount
GetProcessPriorityBoost
SetProcessPriorityBoost
GetThreadIOPendingFlag
SetThreadIdealProcessor
SetSystemTimeAdjustment
CreateFileMappingW
FlushViewOfFile
SetProcessWorkingSetSize
GetWriteWatch
ResetWriteWatch
CreateMemoryResourceNotification
QueueUserWorkItem
IsProcessInJob
AssignProcessToJobObject
SetInformationJobObject
QueryInformationJobObject
DisableThreadLibraryCalls
FreeResource
GetModuleFileNameA
GetModuleFileNameW
LockResource
GlobalUnlock
GlobalCompact
GlobalUnfix
GlobalUnWire
GetFileAttributesExW
LocalShrink
LocalCompact
GetProcessAffinityMask
GetProcessIoCounters
SwitchToFiber
ConvertFiberToThread
CreateFiberEx
CreateFiber
ConvertThreadToFiber
SetThreadAffinityMask
PulseEvent
GlobalDeleteAtom
InitAtomTable
DeleteAtom
SetHandleCount
SetMessageWaitingIndicator
ClearCommBreak
ClearCommError
EscapeCommFunction
GetCommMask
GetCommModemStatus
GetCommTimeouts
TransmitCommChar
PrepareTape
EraseTape
CreateTapePartition
GetTapeStatus
MulDiv
FindFirstVolumeW
SetMailslotInfo
lstrcmpW
lstrcmpiW
lstrcpynW
lstrcpyW
BackupRead
BackupSeek
AddAtomW
CopyFileW
MoveFileW
GetNamedPipeHandleStateA
SetVolumeLabelW
MapUserPhysicalPagesScatter
FindVolumeMountPointClose
GetNumaProcessorNode
GetDateFormatW
GetStringTypeExW
GetACP
GetOEMCP
LCMapStringW
GetUserGeoID
SetThreadLocale
GetSystemDefaultLangID
GetStringTypeA
EnumUILanguagesW
GetConsoleMode
PeekConsoleInputW
ReadConsoleW
WriteConsoleW
SetConsoleCtrlHandler
FillConsoleOutputAttribute
SetConsoleActiveScreenBuffer
SetConsoleCP
SetConsoleOutputCP
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleCursorPosition
ReadConsoleOutputAttribute
WriteConsoleOutputW
GetConsoleSelectionInfo
GetConsoleProcessList
CloseHandle
SetFilePointerEx
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetFileAttributesW
FlushFileBuffers
LocalUnlock
GetProcessHeap
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
IsValidCodePage
FindFirstFileExW
FindFirstChangeNotificationW
FindClose
FindNextFileW
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
WriteFile
RtlPcToFileHeader
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
FindNextChangeNotification
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
GetStdHandle
GetProcAddress
GetMailslotInfo
LoadLibraryA

user32

DialogBoxParamW
CreateCaret
GetCaretBlinkTime
DestroyCaret

gdi32

CreateBrushIndirect
CreateHatchBrush

winspool.drv

SetPrinterDataExW
SetPrinterDataW
EnumPrinterKeyW
EnumPrinterDataExW
EnumPrinterDataW
GetPrinterDataW
FindNextPrinterChangeNotification
ReadPrinter
AbortPrinter
FlushPrinter
WritePrinter
GetPrinterW
SetPrinterW
EnumJobsW
GetJobW
GetFormW
EnumFormsW
SetPortW
ConnectToPrinterDlg
FindFirstPrinterChangeNotification
ScheduleJob

advapi32

DecryptFileW
GetUserNameW

shell32

FindExecutableW
CommandLineToArgvW
SHPathPrepareForWriteW
SHParseDisplayName
SHBindToParent
SHGetSettings
ord176
ord6
ord88
SHGetDataFromIDListW
SHGetInstanceExplorer
SHGetDesktopFolder
SHGetPathFromIDListW
ord154
ord190
ord27
ord21
ord24
ord152
ord155
ord25
ord19
ord18
SHIsFileAvailableOffline
ord180
SHGetDiskFreeSpaceExA
Shell_NotifyIconW
SHEmptyRecycleBinW
SHQueryRecycleBinW
ExtractIconExW
DragQueryFileW
ExtractAssociatedIconW
ShellAboutW
ExtractIconW
ShellExecuteW
DragQueryPoint

magnification

MagGetColorEffect
MagSetColorEffect
MagGetFullscreenTransform
MagGetFullscreenColorEffect

comctl32

PropertySheetW
ord412
ord413
ord410
ord411
ord14
ord15
ord13

userenv

GetProfilesDirectoryW
GetUserProfileDirectoryW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4cd0855d8262939d4ac1c7b198fc51bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

magnification

comctl32

userenv

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 144KB - Virtual size: 165KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 29KB - Virtual size: 28KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 144KB - Virtual size: 165KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 29KB - Virtual size: 28KB