cbd0d883049b4a57651dd6026a1e68523fbdf000ebaa8aa9ceb8197dc2628bb5

Sharing

Copy URL Twitter E-mail

General

Target

cbd0d883049b4a57651dd6026a1e68523fbdf000ebaa8aa9ceb8197dc2628bb5
Size

400KB
MD5

1ed59b38a24bb94dc9ef74076716eb46
SHA1

5999581c19cea4ac106b64738c2c002714d1a4f9
SHA256

cbd0d883049b4a57651dd6026a1e68523fbdf000ebaa8aa9ceb8197dc2628bb5
SHA512

8f5cd8647065389dc8cbbe98976857e7ec0c7888be86118c888bd5ffbfa7e8f1756f148b445fd67924c5d4f9508c3cbdd2e8d1865d33ea4be6aa9e36454346d6
SSDEEP

12288:2WxFywFwLrxioS9nkec9OMDtzlzZ1NfFI8ImkKU:2yZexioS5xc9LBldbF9zU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/222550d01c5123fd8ab3989ba63bd928e4dcc23f3c04c3895ec9afce7057d62c.exe

Files

cbd0d883049b4a57651dd6026a1e68523fbdf000ebaa8aa9ceb8197dc2628bb5
.zip

Password: infected
222550d01c5123fd8ab3989ba63bd928e4dcc23f3c04c3895ec9afce7057d62c.exe
.exe windows:5 windows x86 arch:x86

511795205251937189f1413f04853250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
PulseEvent
GetConsoleAliasesLengthW
GetProcessIoCounters
WriteConsoleOutputCharacterA
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
InterlockedDecrement
CreateDirectoryW
CreateNamedPipeW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapCreate
ReplaceFileA
GetConsoleAliasesW
GetStdHandle
GetComputerNameA
SetLastError
CreateTimerQueueTimer
SetStdHandle
PrepareTape
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
EnumDateFormatsW
GetFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetCurrentDirectoryW
GetSystemDefaultLangID
FlushFileBuffers
GetConsoleMode
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
CreateFileW

user32

SetActiveWindow
GetClassLongA

advapi32

GetAce

ole32

CoTaskMemFree

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

511795205251937189f1413f04853250

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 415KB - Virtual size: 414KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 11KB - Virtual size: 4.0MB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 415KB - Virtual size: 414KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 11KB - Virtual size: 4.0MB

.rsrc
Size: 6KB - Virtual size: 6KB