d:\clients\lexmark\dell\dellstat\uninstaller\Release\uninstaller.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 7db06c14fdd51e1275688a51ab42e850747eb4eb903ff3cf3e2893cfee32cb16.exe
Resource: win7-20240221-en
General
Target: 7db06c14fdd51e1275688a51ab42e850747eb4eb903ff3cf3e2893cfee32cb16.zip
Size: 398KB
MD5: 5841f06067581c2d13c8b7a70e2deb3b
SHA1: 87018fa311fb349c8f365ff5e521ff852dfb5d1e
SHA256: 0cd3549d582f7178ff61292341a738a1c892312c46a93861a144c5a58ad41976
SHA512: 96120baf87b9a1e38695a8161e3e087c5b3390a3544b14e8f650b11332216e7a512244aa23770b9524855ea326a41f839c944c0047b8a788734f01172ea0cf2c
SSDEEP: 12288:83NWIdf8UrK4T2Thntz82ekVaeGDap0HzAG:+WId0UrEDjP0eGD+G
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
Resource: unpack001/7db06c14fdd51e1275688a51ab42e850747eb4eb903ff3cf3e2893cfee32cb16
Files
7db06c14fdd51e1275688a51ab42e850747eb4eb903ff3cf3e2893cfee32cb16.zip.zip (Password: infected)
7db06c14fdd51e1275688a51ab42e850747eb4eb903ff3cf3e2893cfee32cb16.exe windows:4 windows x86 arch:x86 (Password: infected)
0e0659d8eaac3260f3255cea6fa4fe4f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
TerminateProcess
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
IsBadWritePtr
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFindAtomW
LoadLibraryA
GetVersionExA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
GetModuleHandleA
SetLastError
FormatMessageW
LocalFree
GlobalFlags
GlobalUnlock
GlobalFree
InterlockedDecrement
InterlockedIncrement
lstrcpynW
lstrcatW
WritePrivateProfileStringW
GlobalAddAtomW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
GlobalLock
lstrcmpW
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
WideCharToMultiByte
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
GetLocaleInfoW
Sleep
CreateMutexW
ReleaseMutex
CloseHandle
GetLastError
GetModuleFileNameW
CopyFileW
FindFirstFileW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
GetLocaleInfoA
GetACP
VirtualProtect
InterlockedExchange
user32
LoadIconW
MapWindowPoints
SetForegroundWindow
GetClientRect
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
UnregisterClassW
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongW
GetDlgItem
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringW
DrawTextExW
DrawTextW
GetMenuItemID
GetSubMenu
GetMessagePos
UnhookWindowsHookEx
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextW
SetWindowTextW
GetClassNameW
GetMenuItemCount
LoadCursorW
GetCapture
ClientToScreen
SetMenuItemBitmaps
GetFocus
SendMessageW
RegisterWindowMessageW
PostMessageW
DestroyMenu
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetMessageTime
DestroyWindow
GetCursorPos
ValidateRect
MessageBoxW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PostQuitMessage
wsprintfW
WinHelpW
CreateWindowExW
GetClassInfoExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
TabbedTextOutW
GetTopWindow
GetMenu
gdi32
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
GetStockObject
CreateBitmap
GetDeviceCaps
DeleteObject
SaveDC
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
shell32
ShellExecuteW
SHGetFolderPathW
comctl32
ord17
shlwapi
SHDeleteKeyW
PathFindExtensionW
PathFindFileNameW
SHDeleteValueW
oleaut32
VariantInit
VariantChangeType
VariantClear
oleacc
LresultFromObject
CreateStdAccessibleObject
Sections
.text Size: 84KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 436KB - Virtual size: 433KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ