76CFCC60E73F4A5326E7CC11431F9F785E9B5D59E4D0DB7E5CE51966D0D12B8A[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

76CFCC60E73F4A5326E7CC11431F9F785E9B5D59E4D0DB7E5CE51966D0D12B8A.zip
Size

383KB
MD5

319974fe6a54a08cb2cb718d8e864cbb
SHA1

581f7bfd0c0286e37fed95789df50b9c73887393
SHA256

8880851575a7d2a2c40267ce2dedcf9f21a92d4d3721674cb8b59cb45d986fa5
SHA512

e3caedc66c068a7e90476380feddc8683c0a244c478a6b1bf6ee209ac599f7afdc2ae47575f2aa99cdf38a2fd269f5cd03567495d1b7f526bdedf6ee1ae2ea89
SSDEEP

6144:ozU4Pjb3RyO+sHUvuFddNE9AF8HhwrJFmS3UZ2aor/GyJTo1haXUqnY+QfYG6SNW:l4PPhyOTUGFdo+JRq2alyMhCPY6zSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/76CFCC60E73F4A5326E7CC11431F9F785E9B5D59E4D0DB7E5CE51966D0D12B8A

Files

76CFCC60E73F4A5326E7CC11431F9F785E9B5D59E4D0DB7E5CE51966D0D12B8A.zip
.zip

Password: infected
76CFCC60E73F4A5326E7CC11431F9F785E9B5D59E4D0DB7E5CE51966D0D12B8A
.dll windows:5 windows x86 arch:x86

d095fd42f0ed4af2b387746b7d14dc27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLastError
GetACP
CompareStringW
LocalFree
CloseHandle
TlsAlloc
WideCharToMultiByte
GetTickCount
MultiByteToWideChar
LoadLibraryA
GetVersion
VirtualFree
RaiseException
GetStartupInfoW
ExitProcess
SwitchToThread
InitializeCriticalSection
VirtualAlloc
WriteFile
RtlUnwind
GetSystemInfo
GetCommandLineW
GetProcAddress
DeleteCriticalSection
TlsGetValue
GetStdHandle
TlsSetValue
GetModuleHandleW
FreeLibrary
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
TlsFree
VirtualQuery
SetThreadLocale
Sleep

oleaut32

SysFreeString

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 115B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 483KB - Virtual size: 483KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d095fd42f0ed4af2b387746b7d14dc27

Headers

File Characteristics

Imports

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.itext Size: 512B - Virtual size: 256B

.data Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 13KB

.idata Size: 1024B - Virtual size: 1008B

.didata Size: 512B - Virtual size: 292B

.edata Size: 512B - Virtual size: 115B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 483KB - Virtual size: 483KB

.text
Size: 31KB - Virtual size: 31KB

.itext
Size: 512B - Virtual size: 256B

.data
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 13KB

.idata
Size: 1024B - Virtual size: 1008B

.didata
Size: 512B - Virtual size: 292B

.edata
Size: 512B - Virtual size: 115B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 483KB - Virtual size: 483KB