98e76810925b8cef506bd99fff082b20e8742d7cd0429812a64510b286aa3809

Sharing

Copy URL Twitter E-mail

General

Target

98e76810925b8cef506bd99fff082b20e8742d7cd0429812a64510b286aa3809
Size

334KB
MD5

01350dfeda8b2cf8b32c1769fdf18a88
SHA1

8cd214e73798148721fd5ba7267330e74a80e714
SHA256

98e76810925b8cef506bd99fff082b20e8742d7cd0429812a64510b286aa3809
SHA512

c6a590e0f8c1d3f76b4581d7737e8acc406cd5b6af59de2805aeaeea3e47c1defdc88598afdb785332590cc5b17ecd8c28845ad21f0d879c615ad41556652a7c
SSDEEP

6144:MxYbcyUokVmBWqc586e9rIoiwxedGc0pQfpQnRIIyIFXgtInvLfOVJ9MPKYHF/7s:MarzkVmu58DNEoefE6iXeIvLvfo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe

Files

98e76810925b8cef506bd99fff082b20e8742d7cd0429812a64510b286aa3809
.zip

Password: infected
bbdac308d2b15a4724de7919bf8e9ffa713dea60ae3a482417c44c60012a654b.exe
.exe windows:6 windows x86 arch:x86

b4d5733390854900e9a765684837c828

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

ImageNtHeader

mpr

WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W
WNetEnumResourceW
WNetCloseEnum

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

kernel32

SetStdHandle
GetStdHandle
GetCommandLineW
WriteFile
GetLastError
CreateMutexA
GetCurrentProcessId
GetCurrentThreadId
GetDynamicTimeZoneInformation
WideCharToMultiByte
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CloseHandle
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFinalPathNameByHandleW
SetFileAttributesW
GetCurrentProcess
IsValidCodePage
GetProcAddress
LocalFree
GetDriveTypeW
GetCurrentThread
FormatMessageA
ExitThread
GetFileSizeEx
FlushFileBuffers
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateThread
LoadLibraryExW
FreeLibrary
GetTimeFormatW
GetACP
FreeLibraryAndExitThread
GetModuleHandleExW
GetFileType
ReadFile
ReadConsoleW
GetConsoleOutputCP
ExitProcess
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
GetModuleFileNameW
GetCommandLineA
HeapAlloc
HeapFree
GetModuleHandleW
MultiByteToWideChar
QueryPerformanceCounter
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
TlsFree
GetStringTypeW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LCMapStringEx
GetLocaleInfoEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
GetDateFormatW

shell32

ShellExecuteW

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

VariantInit
SysFreeString
SysAllocString

advapi32

LookupPrivilegeValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RevertToSelf
DuplicateTokenEx
SetThreadToken
SetNamedSecurityInfoW
SetEntriesInAclW
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
ControlService
CloseServiceHandle

Sections

.text
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b4d5733390854900e9a765684837c828

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

mpr

wtsapi32

kernel32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 551KB - Virtual size: 550KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 17KB - Virtual size: 22KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 551KB - Virtual size: 550KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 17KB - Virtual size: 22KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 26KB - Virtual size: 26KB