e94a083d8625a65b03889b5a0f41fe4c2126d044d8be3415e40a80f63c7d9600

Sharing

Copy URL

Twitter E-mail

General

Target

e94a083d8625a65b03889b5a0f41fe4c2126d044d8be3415e40a80f63c7d9600
Size

79KB
MD5

1e3a794bd7c4ab5703b0b07b2b52c6d0
SHA1

e777ec7c627c97f4539b9ca8797bea77e33c9ca4
SHA256

e94a083d8625a65b03889b5a0f41fe4c2126d044d8be3415e40a80f63c7d9600
SHA512

fcc48b6b4724f11dfb0c3b2e976f50addec5e6d46c4de8dfe14a7ef2541727d7998ad4b6f7ca9a1c969f64a5fba62d0fc4e07d1ce3f285a9994758a431baf41b
SSDEEP

1536:Nkb3J8DaxRoomzq3bs0elJSSwwOokPZuaWvQwzfuJRAdA+7Az:NkzJVxKoVsl0Xwej7GWJRAdA+Ez

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76.exe

Files

e94a083d8625a65b03889b5a0f41fe4c2126d044d8be3415e40a80f63c7d9600
.zip

Password: infected
0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76.exe
.exe windows:5 windows x86 arch:x86

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetShareEnum
NetWkstaGetInfo
NetApiBufferFree

iphlpapi

GetAdaptersInfo

ws2_32

WSAGetLastError
ioctlsocket
htons
connect
socket
inet_addr
WSAStartup
select
closesocket
__WSAFDIsSet
WSACleanup

crypt32

CryptBinaryToStringA

gdiplus

GdipDeleteGraphics
GdipDeleteStringFormat
GdipDeleteFont
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageGraphicsContext
GdipDeleteFontFamily
GdipCreateLineBrushFromRect
GdipCreateStringFormat
GdiplusStartup
GdipDisposeImage
GdipCloneBrush
GdipDrawString
GdipFree
GdipGetGenericFontFamilySansSerif
GdipFillRectangle
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipSetStringFormatLineAlign

shlwapi

PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionA
PathRemoveFileSpecW
PathRemoveBackslashW
StrFormatByteSize64A

mpr

WNetAddConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetGetConnectionW
WNetCloseEnum

ntdll

RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
NtSetInformationThread
RtlCreateUserThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationToken
VerSetConditionMask
RtlGetAce
NtOpenProcess
RtlQueryInformationAcl
RtlAllocateAndInitializeSid
RtlAddAce
RtlLengthSid
RtlAdjustPrivilege
RtlFreeSid
RtlAddAccessDeniedAce
RtlCreateAcl
NtSetInformationFile
RtlDosPathNameToNtPathName_U
RtlInterlockedPushEntrySList
RtlInitializeSListHead
RtlInterlockedPopEntrySList
RtlInterlockedFlushSList
RtlInitUnicodeString
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
RtlAcquirePebLock
RtlReleasePebLock

msvcrt

srand
malloc
free
rand
calloc

kernel32

CreateFileW
GetFileAttributesW
GetDiskFreeSpaceExW
FindClose
WaitForMultipleObjects
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
ReadFile
CreateProcessW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
SetVolumeMountPointW
FindNextFileW
FindFirstFileExW
GetLogicalDrives
AllocConsole
GetConsoleWindow
GetProcAddress
FindFirstVolumeW
QueryDosDeviceW
WaitForSingleObject
CreateProcessA
lstrcmpiA
GetCurrentProcessId
MoveFileExW
Process32Next
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetComputerNameA
VerifyVersionInfoW
GetSystemInfo
GetVersionExA
LoadLibraryA
OpenMutexA
CreateMutexA
GetTickCount
GetTempFileNameW
GetTempPathW
GetDriveTypeW
lstrcmpiW
ExitProcess
CreateThread
CloseHandle
DeleteFileW
GetLocalTime
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetConsoleTitleA
WriteFile
SetConsoleMode
SetProcessShutdownParameters
SetThreadUILanguage
ExitThread
GetModuleHandleA
Sleep
GetConsoleMode
SetFileAttributesW

user32

DispatchMessageA
IsWindowVisible
DeleteMenu
wsprintfA
ShowWindow
SetWindowLongA
GetMessageA
GetWindowLongA
RegisterHotKey
RegisterClassA
DefWindowProcA
FlashWindow
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
wsprintfW
EnableMenuItem
SetForegroundWindow
CharUpperA
GetSystemMenu
GetMessageW
SystemParametersInfoW
wvsprintfA
GetSystemMetrics
CharLowerBuffW
PeekMessageW

advapi32

OpenSCManagerA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
SetThreadToken
RegOpenKeyA
CryptReleaseContext
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
CreateProcessAsUserW
DuplicateToken
DuplicateTokenEx
GetTokenInformation
SetSecurityInfo
GetSecurityInfo
EnumDependentServicesA
CloseServiceHandle
InitializeSecurityDescriptor
CheckTokenMembership
RegSetValueExA
ControlService
RegSetValueExW
RegDeleteValueW
QueryServiceStatusEx
RegQueryValueExW
OpenServiceA
SetFileSecurityW
CryptAcquireContextW
SetSecurityDescriptorOwner
CryptGenRandom
LookupPrivilegeValueA
CreateWellKnownSid

shell32

CommandLineToArgvW
SHEmptyRecycleBinW
ShellExecuteExA
ShellExecuteExW

ole32

CoGetObject
CoUninitialize
CoInitializeEx

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

be232aa2621354bf5dd7b405cc99198c

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

iphlpapi

ws2_32

crypt32

gdiplus

shlwapi

mpr

ntdll

msvcrt

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 8KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 8KB