f30b9f6e913798ca52154c88725ee262a7bf92fe7caac1ae2e5147e457b9b08a (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

f30b9f6e913798ca52154c88725ee262a7bf92fe7caac1ae2e5147e457b9b08a (1).zip
Size

57KB
MD5

d97e53e681b58f07fae2fa114b5867a6
SHA1

9c3b26c9a026aac42363b05953383ec793cb31fb
SHA256

64eb95302a67e42685ecbafe7ce666cbad5cc5570e0a33125f876ff73cbeb2f3
SHA512

7ce68d625f4cf137567b33ac648957ca7e38ea32b234cdc8bdcc0b66b9fe85e25b01eb6e45033882b48481027a63512a37d8fd6f362ec9a69b076e91af2bdd26
SSDEEP

768:BxnPOTRUXtNLdnzce6gw6tBg9/wWKImWvcESjnxIZeI9PLchYtT4fmVnDZhrnbtM:BxPDvbQwWZx/PohKT4fmVdlJkN1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f30b9f6e913798ca52154c88725ee262a7bf92fe7caac1ae2e5147e457b9b08a

Files

f30b9f6e913798ca52154c88725ee262a7bf92fe7caac1ae2e5147e457b9b08a (1).zip
.zip

Password: infected
f30b9f6e913798ca52154c88725ee262a7bf92fe7caac1ae2e5147e457b9b08a
.dll windows:5 windows x64 arch:x64

Password: infected

9953472df0cd811a6d9a53885ecaaf21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapReAlloc
HeapFree
HeapSize
HeapValidate
GetProcessHeap
VirtualFree
VirtualProtect
MultiByteToWideChar
WideCharToMultiByte
CreateThread
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetNativeSystemInfo
GetModuleFileNameW
GetModuleHandleExW
CreateMutexW
OpenMutexW
CreateWaitableTimerW
CreateEventW
SetProcessShutdownParameters
GetProcessShutdownParameters
LocalFree
GetProcessTimes
OpenProcess
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
GetProcessId
DuplicateHandle
SetHandleInformation
CompareFileTime
CreatePipe
PeekNamedPipe
lstrcmpiW
CreateProcessW
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ResetEvent
GetSystemTimeAsFileTime
GetVersionExW
GetLocaleInfoW
GetModuleHandleW
lstrcmpW
HeapAlloc
WaitForMultipleObjects
WaitForSingleObject
MoveFileExW
SetEvent
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
GetTempFileNameW
GetTempPathW
FindClose
SetFilePointerEx
ReadFile
GetFileSizeEx
Sleep
GetShortPathNameW
WaitForMultipleObjectsEx
WaitForSingleObjectEx
SleepEx
GetLastError
DeleteFileW
CreateFileW
CloseHandle
SetWaitableTimer
WriteFile

user32

SetWindowLongPtrW
TranslateMessage
DefWindowProcW
UnregisterClassW
RegisterClassExW
CreateWindowExW
OemToCharA
GetMessageW
IsCharAlphaNumericA
wsprintfW
DispatchMessageW
GetSystemMetrics
DestroyWindow
GetWindowLongPtrW
GetLastInputInfo

advapi32

CryptDecrypt
CryptImportKey
CryptGenRandom
CryptDestroyKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
GetCurrentHwProfileW
OpenProcessToken
GetTokenInformation
GetUserNameW
RegCreateKeyExW
RegSetValueExW
CryptEncrypt

shell32

CommandLineToArgvW
SHCreateDirectoryExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayCreate
SysAllocString
SysFreeString
SafeArrayUnaccessData
VariantInit

shlwapi

StrStrNIW
PathRemoveFileSpecW
StrToIntW
SHDeleteKeyW

netapi32

NetWkstaGetInfo
NetUserGetInfo
NetApiBufferFree

crypt32

CryptImportPublicKeyInfo
CryptStringToBinaryW
CryptDecodeObjectEx

ws2_32

htonl

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9953472df0cd811a6d9a53885ecaaf21

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

netapi32

crypt32

ws2_32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 164B

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 164B