lhxXfY9mIrDZ
Static task
static1
Behavioral task
behavioral1
Sample
1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.exe
Resource
win10v2004-20240412-en
General
-
Target
1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.zip
-
Size
67KB
-
MD5
b93649ae694a39d910536772045203e9
-
SHA1
ae5b69cbfaa244ae9f12e050718ca531868d789e
-
SHA256
ebe7750b041da33f5213aa714a8c8a26542ca6f4581314fd193b71560abe7e0b
-
SHA512
a3c629eab07200e7acd32026fb7f85bfb59f62ffa009418b406d79f925704c11036ea2d681aa4a27a7a325adc0874308f2a30e1ab21ef5c32befb7c8c6fbd515
-
SSDEEP
1536:20kbHA3temebeMtvY9bg8mlSkARQ+A5q4n4Tu2m52sUFGM5qlr:d+otemmeMukcXD4n4LzsUFF5k
Malware Config
Signatures
-
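Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; the check matched the resource below. An unsigned PE is a weak indicator on its own, because many legitimate binaries are also unsigned, so weigh it together with the other findings.
Resource: unpack001/1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.exe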
Files
-
1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.zip (type: .zip)
Password: infected
-
1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.exe (type: .exe; tags: windows:4, windows, x86, arch:x86)
6f04a13cc4db6f4df4b4c53a7da2c81e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
SetFilePointer
CreateFileA
TerminateThread
SetCurrentDirectoryA
GetFileSize
CloseHandle
GetFileTime
FindClose
FindNextFileA
FindFirstFileA
GetModuleHandleA
VirtualAlloc
LoadLibraryW
GetProcAddress
FileTimeToSystemTime
GetCurrentDirectoryA
GetStartupInfoA
user32
SetDlgItemTextA
CheckDlgButton
DispatchMessageA
GetCursorPos
SendMessageA
MessageBoxA
DestroyMenu
LoadImageA
TrackPopupMenu
LoadMenuA
GetSubMenu
SetDlgItemInt
GetDlgItem
GetClientRect
DefWindowProcA
PeekMessageA
TranslateMessage
KillTimer
DestroyWindow
PostQuitMessage
LoadCursorA
LoadIconA
RegisterClassA
GetSystemMetrics
CreateWindowExA
DestroyIcon
DestroyCursor
SetTimer
GetDlgItemInt
GetDlgItemTextA
IsDlgButtonChecked
ShowWindow
SetForegroundWindow
CreateDialogParamA
gdi32
DeleteObject
GetStockObject
shell32
Shell_NotifyIconA
wsock32
WSACleanup
WSAStartup
accept
recv
socket
bind
listen
send
closesocket
htons
comctl32
ord17 (imported by ordinal rather than by name; comctl32 ordinal 17 is InitCommonControls)
msvcrt
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
time
gmtime
_endthread
_beginthread
free
tolower
toupper
sscanf
sprintf
malloc
exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
Exports
Exports
Sections
.text Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 615B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ