91CF32D270B993CC24E805951A3BB601E108CE291BE3F104E7C0D2A090804749[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

91CF32D270B993CC24E805951A3BB601E108CE291BE3F104E7C0D2A090804749.zip
Size

1.1MB
MD5

2c59b683ca0c0d46ebe227d92b0d4da7
SHA1

e040cdc0a438bd8016dcfe57724f83fc6701e0a7
SHA256

1c2a55c1ffae46247e51a104bf5b2460d23cba207056aea1080b9ea091ba20a2
SHA512

5fe04474912540a8d81ae7107fc129355173ab230bd63dd8b8780ccdcb0f28f04d635c96a22038a347261b718cb2430ab2e5ea27a32ce35d69625443977c2a78
SSDEEP

24576:QJaKICN5rQhip+VW/McuzkW827k8NALSxHRFm3q3b:QgMQhip+VW/MFzkW8qALSPcqL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/91CF32D270B993CC24E805951A3BB601E108CE291BE3F104E7C0D2A090804749

Files

91CF32D270B993CC24E805951A3BB601E108CE291BE3F104E7C0D2A090804749.zip
.zip

Password: infected
91CF32D270B993CC24E805951A3BB601E108CE291BE3F104E7C0D2A090804749
.exe windows:6 windows x86 arch:x86

Password: infected

14096c46cd743354558a1910c6be1462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

comdlg32

GetSaveFileNameW
GetOpenFileNameW

comctl32

InitCommonControls

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW

user32

CreateWindowExW
DrawTextW
GetMonitorInfoW
EnumDisplayMonitors
SystemParametersInfoW
MonitorFromPoint
ScrollWindowEx
MonitorFromWindow
SendMessageTimeoutW
CharNextW
LoadStringW
LoadCursorW

oleaut32

SafeArrayPutElement
LoadTypeLib
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
RegisterTypeLib
VariantChangeType
VariantCopyInd

advapi32

RegQueryValueExW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetACP
CloseHandle
LocalFree
VirtualProtect
GetTickCount
VirtualFree
GetStartupInfoW
ExitProcess
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
VirtualAlloc
RtlUnwind
GetCommandLineW
GetSystemInfo
GetProcAddress
GetStdHandle
GetModuleHandleW
FreeLibrary
FindFirstFileW
GetLastError
GetModuleFileNameW
lstrlenW
QueryPerformanceCounter
CompareStringW
CreateThread
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryA
CreateMutexW
GetVersion
RaiseException
SwitchToThread
GetEnvironmentVariableW
WriteFile
LocalFileTimeToFileTime
ExitThread
DeleteCriticalSection
TlsGetValue
TlsSetValue
LoadLibraryExW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
Sleep
SetThreadLocale

ole32

StgCreateDocfileOnILockBytes
CoCreateInstance
CLSIDFromString
CoUninitialize
IsEqualGUID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoDisconnectObject
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

GetTextExtentPoint32W
EnumFontsW
ExtTextOutW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

14096c46cd743354558a1910c6be1462

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

comctl32

shell32

user32

oleaut32

advapi32

netapi32

msvcrt

winhttp

kernel32

ole32

gdi32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.itext Size: 10KB - Virtual size: 10KB

.data Size: 36KB - Virtual size: 35KB

.bss Size: - Virtual size: 28KB

.idata Size: 4KB - Virtual size: 4KB

.didata Size: 18KB - Virtual size: 18KB

.edata Size: 512B - Virtual size: 151B

.tls Size: - Virtual size: 76B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 234KB - Virtual size: 234KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.itext
Size: 10KB - Virtual size: 10KB

.data
Size: 36KB - Virtual size: 35KB

.bss
Size: - Virtual size: 28KB

.idata
Size: 4KB - Virtual size: 4KB

.didata
Size: 18KB - Virtual size: 18KB

.edata
Size: 512B - Virtual size: 151B

.tls
Size: - Virtual size: 76B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 234KB - Virtual size: 234KB