972e71cceda1e90b825a6a656d92ef6377813a30bc03d2719784be42b950fc59[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

972e71cceda1e90b825a6a656d92ef6377813a30bc03d2719784be42b950fc59.zip
Size

143KB
MD5

59ce23facf55b04f0b74fe28d898575e
SHA1

0c3110885df13667bbb2c12dfdca2e9f58a3d8a7
SHA256

8f072df1521800a95775f6856d312783b3a7f92cb3aafaec04f917e7acceba53
SHA512

15b1e87ba05822919934b918db2748ec305a128ec5372b813a84f2e70d6ced16934ec4953cc0374cee306769e7710945524cee1e01f123214bc98d7a78b53e20
SSDEEP

3072:pPPLcgHkNySzbR7gxPLval8iK1FTtT4NqIdm4/wSxxAEO3Z:p3LjENysVajyW9FTV4NqIdm4/woCEOJ

Score

5^/10

Malware Config

Signatures

Detect suspicious telegram bot 1 IoCs

Detect suspicious telegram bot.

resource	yara_rule
static1/unpack001/972e71cceda1e90b825a6a656d92ef6377813a30bc03d2719784be42b950fc59	suspicious_telegram_bot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/972e71cceda1e90b825a6a656d92ef6377813a30bc03d2719784be42b950fc59

Files

972e71cceda1e90b825a6a656d92ef6377813a30bc03d2719784be42b950fc59.zip
.zip

Password: infected
972e71cceda1e90b825a6a656d92ef6377813a30bc03d2719784be42b950fc59
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

Password: infected

24dd5e1ff008f2e8a121c479add6c292

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptDecrypt
CryptImportKey
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateToolhelp32Snapshot
DeleteFileA
DeleteFileW
FileTimeToSystemTime
FindAtomA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemTime
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
InterlockedIncrement
LoadLibraryA
LoadLibraryW
MoveFileA
MoveFileW
MultiByteToWideChar
OpenMutexA
Process32First
Process32Next
ReadFile
ReleaseMutex
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
Sleep
SleepEx
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

_stricmp
_strlwr
_strupr
_unlink
__dllonexit
_assert
_close
_errno
_lseek
_mkdir
_open
_read
_snwprintf
_strdate
_strlwr
_strrev
_strtime
_strupr
_vsnprintf
_wcsupr
_wfopen
_wmkdir
_write
_wrmdir
abort
atoi
atol
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
malloc
memcpy
memset
rand
realloc
rewind
sprintf
srand
strcat
strchr
strcmp
strcpy
strlen
strncpy
strstr
strtok
swprintf
time
tmpnam
wcscat
wcscmp
wcscpy
wcslen
wcsrchr

user32

DefWindowProcA
DispatchMessageA
GetClientRect
GetDC
GetDesktopWindow
GetLastInputInfo
GetMessageA
LoadCursorA
LoadIconA
ReleaseDC
TranslateMessage

Exports

Exports

Alloc
Control_Provider
RatingSetupUI
Telephon

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

24dd5e1ff008f2e8a121c479add6c292

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 76KB - Virtual size: 76KB

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: 40KB - Virtual size: 40KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 76KB - Virtual size: 76KB

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 40KB - Virtual size: 40KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB