4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897

Sharing

Copy URL

Twitter E-mail

General

Target

4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897
Size

570KB
MD5

68aa34a65ba41100e2fcf54f5d5f56bf
SHA1

b66891c3243fc82afb74d0e3e86fe66c32392801
SHA256

4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897
SHA512

0165666753dd3cbd3b3e64f330640ee520948d740834cc239cdd4051d54af61456c92804b19cb45c8877e0bbb68b1bca238b54a56ae766d9925442193c45a889
SSDEEP

12288:X9Q+RBvsRWJ0jnmEGX5VztyOVHBQ/xyNqmcP1xsXZvf78vL:X9fB0enyc1NqPwXZXYj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe

Files

4d29e2f7e01654cdf3d4281e326c884f82290377fb9a44646b2c1d1943626897
.zip

Password: infected
48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
.exe windows:5 windows x86 arch:x86

efd88b96a3d1bf9894e7822b198a54f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
InterlockedDecrement
ZombifyActCtx
GetEnvironmentStringsW
SetEvent
GetModuleHandleW
GetWindowsDirectoryA
GetConsoleCP
GetSystemPowerStatus
GetCalendarInfoW
ReadProcessMemory
GetFileAttributesW
AllocConsole
lstrlenW
GetProcAddress
GetProcessHeaps
HeapUnlock
LocalAlloc
HeapLock
GetModuleFileNameA
CreateMutexA
SetFileShortNameA
FindActCtxSectionStringW
CommConfigDialogW
DeleteFileA
GetACP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateFileA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
SetEndOfFile
GetProcessHeap
ReadFile

advapi32

AdjustTokenPrivileges

Sections

.text
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 46.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

efd88b96a3d1bf9894e7822b198a54f3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 556KB - Virtual size: 556KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 11KB - Virtual size: 46.4MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 51KB - Virtual size: 50KB

.text
Size: 556KB - Virtual size: 556KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 11KB - Virtual size: 46.4MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 51KB - Virtual size: 50KB