wayzgoose.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: fd2904b9d06e210f163cb799eda9f1b4d1a51aabc80a3ecf047b448065ac132e.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: fd2904b9d06e210f163cb799eda9f1b4d1a51aabc80a3ecf047b448065ac132e.dll
  Resource: win10v2004-20240412-en
General
Target: 3EE3BFAF509E11D5.zip
Size: 53KB
MD5: 9109247342f83b4e2161480aadef3fdf
SHA1: 742eb1614a34d0f79a07403ca9f17a5744ff7a69
SHA256: 2422ae7744e47d20285c623914bebc87ad875d41c78091fb742acaa1e6b4fcbf
SHA512: 633da17f3753dcc767941aa03f3fec636d818ed66214f94025dbd0c2e7c70a773d7902780a39bdb9d1a70e2ef9559a7b2435c6d2d053ed33e79e61531add22c7
SSDEEP: 1536:30Mjq01azttXWebeNwYZ3eFOg0eyBalJkiMKrTdg8M1C:3xL0ztwq2HOF5uaoKn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/fd2904b9d06e210f163cb799eda9f1b4d1a51aabc80a3ecf047b448065ac132e
Files
3EE3BFAF509E11D5.zip.zip (Password: infected)
fd2904b9d06e210f163cb799eda9f1b4d1a51aabc80a3ecf047b448065ac132e.dll windows:6 windows x64 arch:x64
7a8c0c90d7a85d2368d73bf37fa6b2a5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader
NtOpenProcess
ZwClose
ZwDuplicateObject
NtSetInformationFile
kernel32
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
WriteConsoleW
GetModuleFileNameW
GetTempPathW
CreateFileW
ResumeThread
UnmapViewOfFile
DisableThreadLibraryCalls
CloseHandle
CreateProcessW
MapViewOfFile
GetFileType
TlsAlloc
GetStdHandle
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
advapi32
OpenThreadToken
SetThreadToken
Exports
wayzgoose_get_version
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 252B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ