Static task: static1
Behavioral task: behavioral1
Sample: 6e15f0265e92a16b5b7c73bf7cf4ca8f24e9f121fac014cc3c3c362313fa07fe.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 6e15f0265e92a16b5b7c73bf7cf4ca8f24e9f121fac014cc3c3c362313fa07fe.exe
Resource: win10v2004-20240419-en
General
Target: 6e15f0265e92a16b5b7c73bf7cf4ca8f24e9f121fac014cc3c3c362313fa07fe.zip
Size: 444KB
MD5: 8e6adc7194f604c96ebefa5dc607f33c
SHA1: 80f8b4952781c875bed49b95d3ba561caf2f828b
SHA256: c3d8adfc1686912e5abf980b99fae57023ba87a471df29e03684c36126378093
SHA512: 13925760d5be5bce8460c23a36a080a55b016e5f4e1e68ead9d8c8a45ff8beaa26993013515b74c7c887dddd00cec99a1e9b6731bcc34aa66ea751b99ff78b21
SSDEEP: 12288:IkYmvACtaj7zHVbZS81lm++EpxcnCEgS0:DYdCte3VbZrlT+rCa0
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource unpack001/6e15f0265e92a16b5b7c73bf7cf4ca8f24e9f121fac014cc3c3c362313fa07fe
Files
6e15f0265e92a16b5b7c73bf7cf4ca8f24e9f121fac014cc3c3c362313fa07fe.zip.zip (Password: infected)
6e15f0265e92a16b5b7c73bf7cf4ca8f24e9f121fac014cc3c3c362313fa07fe.exe windows:6 windows x86 arch:x86 (Password: infected)
b926cc744131fa21ce78cb1596a4898b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapReAlloc
HeapFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
FreeConsole
FindClose
CloseHandle
GetCommandLineW
WinExec
DeleteFileW
CopyFileExW
GetSystemInfo
CreateThread
GetModuleHandleW
GetComputerNameExW
GetUserDefaultLocaleName
WideCharToMultiByte
ReleaseSRWLockExclusive
GetQueuedCompletionStatusEx
AcquireSRWLockExclusive
SetLastError
GetFinalPathNameByHandleW
Sleep
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
CreateMutexW
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
ReleaseSRWLockShared
PostQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryExA
FreeLibrary
GetConsoleOutputCP
FlushFileBuffers
HeapSize
DecodePointer
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
RaiseException
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RtlUnwind
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
user32
MessageBoxW
SystemParametersInfoA
EnumDisplayMonitors
EnumDisplaySettingsExW
GetMonitorInfoW
shell32
ShellExecuteW
oleaut32
GetErrorInfo
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
rstrtmgr
RmEndSession
RmGetList
RmStartSession
RmRegisterResources
ntdll
NtReadFile
NtWriteFile
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
gdi32
CreateCompatibleDC
GetDeviceCaps
SelectObject
SetStretchBltMode
CreateDCW
CreateCompatibleBitmap
DeleteDC
StretchBlt
GetDIBits
DeleteObject
GetObjectW
advapi32
SystemFunction036
bcrypt
BCryptGenRandom
ole32
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoInitializeSecurity
Sections
.text Size: 580KB - Virtual size: 580KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 184KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ