MaxsStupidZipFileScanner[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

MaxsStupidZipFileScanner.exe
Size

200KB
MD5

e48a10bfe0b5fc70fb5fb201e2a15a8e
SHA1

4d1acd4e53fcd1ca471931297939057418426a8a
SHA256

e67846454c5c7e86cb077a5c349b8ce526515101bf1c66b7af44d5c099b0bb72
SHA512

5352843bc600823a5825d6f3c36ed5f2660e0291ff8059b5baa86f69ecdd0b40a05e3c9a0a2e265c8ad57dbdf138f4facaf2f30412265b4c786de7022589110e
SSDEEP

6144:dQnaLViJ8gQZsEezHMg/afKh+tHA6TcWOchSI5Ezwtgz:dQn6i2yEezsg/aSMtHA6wWO8SeEzwtgz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

MaxsStupidZipFileScanner.exe

resource
MaxsStupidZipFileScanner.exe

Files

MaxsStupidZipFileScanner.exe
.exe windows:4 windows x86 arch:x86

b503c3802cbf66e0b29b4afd1f04ac9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateMutexA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetEnvironmentVariableA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
OpenMutexA
SetConsoleTextAttribute
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_stat64
remove

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-private-l1-1-0

memcmp
memcpy

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
__p__acmdln
_assert
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_initialize_narrow_environment
_set_app_type
_initialize_wide_environment
_initterm
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_fseeki64
_ftelli64
fclose
fflush
fgetc
fopen
fread
fread_s
freopen
fwrite
puts

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp
memset
strlen
strncmp
strtok

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_localtime64
_mktime64
_time64
_tzset
_utime64

api-ms-win-crt-utility-l1-1-0

rand
srand

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 512B - Virtual size: 175B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 119B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b503c3802cbf66e0b29b4afd1f04ac9f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 120KB - Virtual size: 120KB

.data Size: 512B - Virtual size: 252B

.rdata Size: 10KB - Virtual size: 9KB

/4 Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 8KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 8B

.reloc Size: 2KB - Virtual size: 1KB

/14 Size: 512B - Virtual size: 56B

/29 Size: 3KB - Virtual size: 3KB

/41 Size: 512B - Virtual size: 175B

/55 Size: 512B - Virtual size: 160B

/67 Size: 512B - Virtual size: 56B

/80 Size: 512B - Virtual size: 119B

/91 Size: 512B - Virtual size: 372B

.text
Size: 120KB - Virtual size: 120KB

.data
Size: 512B - Virtual size: 252B

.rdata
Size: 10KB - Virtual size: 9KB

/4
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 8KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 2KB - Virtual size: 1KB

/14
Size: 512B - Virtual size: 56B

/29
Size: 3KB - Virtual size: 3KB

/41
Size: 512B - Virtual size: 175B

/55
Size: 512B - Virtual size: 160B

/67
Size: 512B - Virtual size: 56B

/80
Size: 512B - Virtual size: 119B

/91
Size: 512B - Virtual size: 372B