2830b6dbecf99ca3d5f96dc0af11308b0c16656ffa1c001df209bf8fcd8f7f04

Sharing

Copy URL Twitter E-mail

General

Target

2830b6dbecf99ca3d5f96dc0af11308b0c16656ffa1c001df209bf8fcd8f7f04
Size

230KB
MD5

8e0888bb7bcfdf2c3ca1c857a0061ed1
SHA1

d0ad16700c87322e430de94684f4961ac2d4a543
SHA256

2830b6dbecf99ca3d5f96dc0af11308b0c16656ffa1c001df209bf8fcd8f7f04
SHA512

25866e38de9293a91373ab1ebb3dc396a93a950b66a14d32e4859e9dff8cbbbdf52be1782dcc0abad4e07e0dc90083c99de9c3fb1109360b4c77237e1bbe635e
SSDEEP

6144:qZMhX5JqiVJfM4afvqZhObmYgCIYlK/T+:q6hpMiVJfMBfgFYgCrlKS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/92bb1f19f3a6337be028edfb89c898d49927cbb732f94796251c70d29e8ba9e1.exe

Files

2830b6dbecf99ca3d5f96dc0af11308b0c16656ffa1c001df209bf8fcd8f7f04
.zip

Password: infected
92bb1f19f3a6337be028edfb89c898d49927cbb732f94796251c70d29e8ba9e1.exe
.exe windows:5 windows x86 arch:x86

b2c192dde66d798d732cf15b9e7a6998

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
DebugActiveProcess
GetDateFormatW
CreateFileA
GetConsoleAliasesLengthW
GetNumaProcessorNode
HeapAlloc
InterlockedIncrement
HeapFree
CreateHardLinkA
ConnectNamedPipe
GetModuleHandleW
ReadConsoleOutputA
GlobalAlloc
GlobalFindAtomA
LoadLibraryW
GetLocaleInfoW
GetConsoleAliasExesLengthW
GetFileAttributesA
lstrcpynW
GetAtomNameW
LocalHandle
GetModuleFileNameW
FindNextVolumeMountPointW
SetConsoleTitleA
WritePrivateProfileStringW
GetThreadLocale
GetProcAddress
SetComputerNameA
SetCalendarInfoW
SetConsoleDisplayMode
WaitForMultipleObjects
SetSystemTime
SetConsoleTitleW
HeapSetInformation
VirtualProtect
GetCurrentDirectoryA
DeleteCriticalSection
FindAtomW
CreateFileW
ReadFile
FlushFileBuffers
EncodePointer
DecodePointer
ExitProcess
GetCommandLineW
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
IsProcessorFeaturePresent
WriteFile
GetStdHandle
HeapCreate
EnterCriticalSection
LeaveCriticalSection
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
HeapReAlloc
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
CloseHandle

user32

GetMonitorInfoW
LoadIconA
CopyRect

winhttp

WinHttpCloseHandle
WinHttpAddRequestHeaders

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b2c192dde66d798d732cf15b9e7a6998

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winhttp

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 212KB - Virtual size: 211KB

.data Size: 11KB - Virtual size: 1.0MB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 212KB - Virtual size: 211KB

.data
Size: 11KB - Virtual size: 1.0MB

.rsrc
Size: 31KB - Virtual size: 30KB