wiui4d6ph[.]zip[.]malware

Sharing

Copy URL

Twitter E-mail

General

Target

wiui4d6ph.zip.malware
Size

664KB
MD5

53e58e3a8798fd076d02adc2ce902bbb
SHA1

19a3ae4067f3272dd83a2363856d46790233dca4
SHA256

a095a17954dbbb6fc024c83f689abfe069745b1c006463524263f091a31a0f6a
SHA512

cf0b3e04347530c01fb6bc85b1eafd7cd7442abd8fc8d47ca4a40f8746842cc9a5ee508a0c5faa4e2c2834d9c33f164473e8fc98241cfd0a9ad8be0cbab1e018
SSDEEP

12288:d/0Qzqf0e5i48JM+6TFKywVt6PbEYU0eyJTT/Mu9oV01u1oaEP:t0zh56n6TFKywvCbEOxDMu9oyPaEP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

wiui4d6ph.zip.malware

resource
wiui4d6ph.zip.malware

Files

wiui4d6ph.zip.malware
.dll windows:4 windows x86 arch:x86

575d942b23dfcc476865145b0dd6ee57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\32\Space-Occur\348\Liquid\like.pdb

Imports

kernel32

FlushFileBuffers
LocalFree
LocalAlloc
CreateDirectoryW
CopyFileW
ResetEvent
VirtualAlloc
VirtualFree
VirtualProtect
GetCurrentDirectoryW
GetModuleFileNameW
GetEnvironmentVariableW
CreateSemaphoreW
SetConsoleOutputCP
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
HeapSize
SetEndOfFile
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
InterlockedExchange
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
CloseHandle
RtlUnwind
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
MultiByteToWideChar
ReadFile
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
HeapReAlloc
CreateFileA
SetConsoleCtrlHandler
FreeLibrary
SetEnvironmentVariableA

user32

SetParent
IntersectRect
EndDeferWindowPos
ExitWindowsEx
InflateRect

psapi

EnumProcesses
EmptyWorkingSet
EnumProcessModules
EnumDeviceDrivers
GetModuleInformation
GetMappedFileNameW
GetDeviceDriverFileNameW
GetPerformanceInfo
GetModuleFileNameExW
GetModuleBaseNameW
GetDeviceDriverBaseNameW
EnumPageFilesW

Exports

Exports

Countrywrong
SellHole
Thin

Sections

.text
Size: 228KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 655KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

575d942b23dfcc476865145b0dd6ee57

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

psapi

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 224KB

.rdata Size: 360KB - Virtual size: 359KB

.data Size: 56KB - Virtual size: 655KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 228KB - Virtual size: 224KB

.rdata
Size: 360KB - Virtual size: 359KB

.data
Size: 56KB - Virtual size: 655KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 8KB