17210347354[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

17210347354.zip
Size

127KB
MD5

f459ccf93ef49c3caf3f3df4e567e86d
SHA1

94bf914e1c284869b49647edcf55d0aa6b3f7b8c
SHA256

328079074f32c574e6c314b71dbb5c1ede6e4947a511982ef65107cd5a004e35
SHA512

8c2c90143ad201baeef1fd7bac97285d0b566a590a9fb13e292de09679ea47502f4b7c3a524b3e7c7e3f2c71300973dfc083dfd06cf22494ad20a9839d8d1b3f
SSDEEP

3072:01c3TGuEv1CJAP2w7kYIcy54ssBvRpnmXOwoV:avHP0cy2RZpmfoV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c915abde4d05b1e6412b4ac777584c9c80095d9401e24eace1cb3ef029808d52

Files

17210347354.zip
.zip

Password: infected
c915abde4d05b1e6412b4ac777584c9c80095d9401e24eace1cb3ef029808d52
.dll windows:5 windows x64 arch:x64

Password: infected

1b1a9ab338d2173ee312e8a5f4b2f7d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
CopyFileA
LocalFree
WideCharToMultiByte
GetSystemInfo
GetModuleHandleA
GetVersionExA
ReadFile
SetEndOfFile
LockResource
LoadResource
DeleteFileA
SetFileAttributesA
GetFileSize
SizeofResource
FindResourceA
GetWindowsDirectoryA
CreateMutexA
CreateEventA
SetEvent
CreateProcessA
DuplicateHandle
GetCurrentProcess
ExitThread
CreatePipe
DisconnectNamedPipe
WaitForMultipleObjects
TerminateThread
lstrcmpiA
GetSystemDirectoryA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeA
GetUserDefaultLangID
IsBadReadPtr
GetDiskFreeSpaceExA
GetLogicalDrives
GlobalMemoryStatusEx
RaiseException
CreateFileA
WriteFile
SetFilePointer
GetLastError
FindFirstFileA
FindClose
GetProcessHeap
HeapAlloc
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ReleaseMutex
GetVersion
GlobalAlloc
GlobalLock
DeviceIoControl
GlobalHandle
GlobalUnlock
GlobalFree
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateThread
CloseHandle
Sleep
OutputDebugStringA
ResetEvent
HeapFree
RtlUnwindEx
MultiByteToWideChar
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
HeapReAlloc
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlPcToFileHeader

user32

GetSystemMetrics
EnumDisplaySettingsA

advapi32

GetNamedSecurityInfoA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
StartServiceA
QueryServiceStatus
OpenServiceA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
RegEnumKeyA
RegQueryValueExA

ws2_32

ioctlsocket
connect
select
gethostbyname
ntohs
inet_ntoa
setsockopt
ntohl
socket
htonl
htons
bind
closesocket
recv
gethostname
send
shutdown
WSAAccept
listen
__WSAFDIsSet
WSAStartup
inet_addr

iphlpapi

GetAdaptersInfo
GetIpForwardTable
GetIpAddrTable
GetIpNetTable
GetAdaptersAddresses

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantClear
VariantChangeType
VariantInit

Exports

Exports

ShadowForce

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

1b1a9ab338d2173ee312e8a5f4b2f7d2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 151KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 241KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 36KB - Virtual size: 36KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 151KB - Virtual size: 151KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 241KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 36KB - Virtual size: 36KB

.reloc
Size: 2KB - Virtual size: 1KB