sample (9)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

sample (9).zip
Size

652KB
MD5

806ddb4edca680080323a8b709b82e29
SHA1

688eb29e5829a4a9563525f088dce82d4b52bfc2
SHA256

82db22971fa377c76e92a0ffaca4d966088225c1f38bea49a0eb744b62c378c3
SHA512

4bb6ad6c32f0e4576a985b55429395aa1df1e12c73ea3fff1ca2e1bd7ce302f08919713ec74e71a0ec097e97b166b29b261c63f4c2de928758f4cca4496edb2e
SSDEEP

12288:gZ5JaxNKZSFHV7c2R1R/zmq7U1ge0AQW6mzqQ4oWo5qRs/xfQ0:gZvan/7c2RrH7UyUQW64qQ4oWoKs/xfz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample.mlw

Files

sample (9).zip
.zip

Password: infected
sample.mlw
.exe windows:5 windows x86 arch:x86

90d0fdbdd8509161f8cda102c84aae54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gobobelabunoh-gahe.pdb

Imports

kernel32

GlobalAddAtomA
GetCurrentProcess
QueryDosDeviceA
GetNumberFormatA
ReadConsoleW
GetCompressedFileSizeW
GlobalFindAtomA
LoadLibraryW
ReadConsoleInputA
GetConsoleAliasExesLengthW
LeaveCriticalSection
GetConsoleAliasW
WriteConsoleW
FileTimeToSystemTime
GetModuleFileNameW
GetEnvironmentVariableA
ExitThread
GetConsoleOutputCP
GetLastError
SetLastError
GetLocaleInfoA
GetProcAddress
IsValidCodePage
InterlockedExchangeAdd
LocalAlloc
CreateHardLinkW
FindFirstVolumeMountPointW
RemoveDirectoryW
VirtualLock
VirtualProtect
GetCurrentDirectoryA
GetWindowsDirectoryW
DeleteTimerQueueTimer
MoveFileWithProgressW
GetTempPathA
FindNextVolumeA
WriteProcessMemory
GetVolumeInformationW
SetThreadContext
GetThreadLocale
FindResourceA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
DeleteCriticalSection
IsProcessorFeaturePresent
HeapFree
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineW
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
IsDebuggerPresent
GetProcessHeap
HeapSize
GetCurrentThreadId
CloseHandle
GetStdHandle
WriteFile
LoadLibraryExW
GetACP
GetOEMCP
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
SetFilePointerEx
CreateFileW
SetEndOfFile
ReadFile

gdi32

SetTextJustification
SelectPalette

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 606KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

90d0fdbdd8509161f8cda102c84aae54

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdi32

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 606KB - Virtual size: 4.7MB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 606KB - Virtual size: 4.7MB

.rsrc
Size: 24KB - Virtual size: 23KB