MDE_File_Sample_80d299bbf72a55e580d27840b1e3fd5cadfd5c70[.]zip

Resubmissions

09/04/2024, 06:21

240409-g4j5xabh31 3

09/04/2024, 06:11

240409-gx2rdabg8y 3

28/02/2023, 13:56

230228-q82eesbc3x 1

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_80d299bbf72a55e580d27840b1e3fd5cadfd5c70.zip
Size

13KB
MD5

ccf53e8d25de16157c970030fac6df68
SHA1

2b76c2417ac186d3925e1737dd257877693f02e7
SHA256

7347b7c54abb167a1e1a154f35947a6b04b9613f818cba8a856b7c25a518a086
SHA512

9b6426e809960d57253f8c8cfbc0be0084b762ca15b5216d8dc56a450acab90684065c76f94366edc68d79600aa60a3f61608abca4903c06e40b4f06ffc5222b
SSDEEP

192:hn5c2eOJeay2XfWzREs4MZZZWEN/fV44o0IfvUyhnOefpI1qDlOBphuD0QE/ennc:hn5aOJeV2XfW2kN/TI00GS+hQJnt2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cmdow.exe

Files

MDE_File_Sample_80d299bbf72a55e580d27840b1e3fd5cadfd5c70.zip
.zip

Password: infected
cmdow.exe
.exe windows:4 windows x86 arch:x86

Password: infected

e94cb697b80ede503a02f5a09277a9b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrlenA
ExitProcess
WriteFile
GetStdHandle
lstrcatA
GetCommandLineA
SetConsoleDisplayMode
GetVersionExA
WideCharToMultiByte
HeapAlloc
GetProcessHeap
GetCurrentProcessId
GetTickCount
GetConsoleTitleA
CloseHandle
TerminateProcess
OpenProcess
CreateProcessA
HeapReAlloc
HeapFree
lstrcmpiA
SetConsoleTitleA
Sleep
lstrcmpA
GetStringTypeW
GetStringTypeA
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW

user32

GetWindow
GetWindowLongA
IsWindow
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
GetParent
ScreenToClient
GetWindowRect
SetWindowTextA
MoveWindow
SetWindowPos
wsprintfA
wvsprintfA
FindWindowA
PostMessageA
GetWindowTextA
GetWindowThreadProcessId
GetWindowTextLengthA
GetDesktopWindow
GetClassNameA
EnumWindows
ShowWindowAsync
EnableWindow
EnumChildWindows

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

e94cb697b80ede503a02f5a09277a9b6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 25KB - Virtual size: 26KB

.rsrc Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 25KB - Virtual size: 26KB

.rsrc
Size: 2KB - Virtual size: 1KB