KTCHQF1_2024-05-15_18_31_14[.]179[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

KTCHQF1_2024-05-15_18_31_14.179.zip
Size

7.3MB
MD5

8a66ac1b68df08af9c73b9177fc0b0ae
SHA1

86cee587ba749848ec0acd1babd1afff85e08c9e
SHA256

e82705d51ed682a87c30d87d5a9886dc3990af11f4c3ba31796689ea40656b6e
SHA512

7bfd0b15a2fa6961aa3cfde008831f3567c5ce77bc2f4654feeaaa741513022b13e35da2dd24ee3089bc88ef2c487d6aa82f49f9d1f9f0b34cfdb4f1f3f18dd2
SSDEEP

196608:RHi6YsY2Hd6UTltK6Mq3PQ+nN5QCWez10SvJP1voy6jU7BO:o5gdZTbvMO4+NGu1FoyF4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume11/Shared/Eng-TEC-A/Project Folders/ARCHIVE/Jason M/Manuals/Old Manuals Vault/Before 2013/CE/20090807_overheating install manual/english/DEXP_2009081009433.exe

Files

KTCHQF1_2024-05-15_18_31_14.179.zip
.zip

Password: Infected!!
Device/HarddiskVolume11/Shared/Eng-TEC-A/Project Folders/ARCHIVE/Jason M/Manuals/Old Manuals Vault/Before 2013/CE/20090807_overheating install manual/english/DEXP_2009081009433.exe
.exe windows:4 windows x86 arch:x86

Password: Infected!!

48062f8b841bfe276557e45191f052fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetNameStringW
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertGetIntendedKeyUsage
CertFreeCertificateContext
CryptImportPublicKeyInfo
CertOpenStore
CertCloseStore
CryptVerifyCertificateSignature
CertEnumCertificatesInStore
CryptAcquireCertificatePrivateKey
CertSetCertificateContextProperty
CryptHashPublicKeyInfo
CertNameToStrW
CertOpenSystemStoreW

kernel32

GetDiskFreeSpaceA
DeleteFileA
GetVolumeInformationW
GetVersionExW
GetCurrentDirectoryW
DeviceIoControl
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesW
MoveFileW
SetFileTime
GetCurrentDirectoryA
GetDriveTypeA
GetFileAttributesExW
SetFileAttributesA
GetDriveTypeW
MoveFileExA
GetTempFileNameA
GetDiskFreeSpaceW
GetFullPathNameW
GetShortPathNameW
GetFullPathNameA
GetVolumeInformationA
LoadLibraryA
GetTempPathW
MoveFileExW
GetShortPathNameA
GetTempFileNameW
MoveFileA
DeleteFileW
Sleep
CreateDirectoryW
GetFileInformationByHandle
SetFilePointer
GetFileType
SetEndOfFile
ReadFile
FlushFileBuffers
GetStringTypeExA
UnmapViewOfFile
GetLocaleInfoW
MapViewOfFile
CreateFileMappingW
ReleaseMutex
CreateMutexW
GetLocaleInfoA
GetDateFormatA
GetDateFormatW
FileTimeToSystemTime
GetNumberFormatA
GetNumberFormatW
GetVersion
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFileAttributesW
FreeEnvironmentStringsA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
InterlockedExchange
ExitProcess
GetModuleHandleA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetProcessHeap
CreateThread
ExitThread
HeapFree
HeapAlloc
HeapReAlloc
GetProcAddress
GetModuleHandleW
GetTickCount
lstrcmpiW
CompareStringA
SetCurrentDirectoryW
CompareStringW
SetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
FreeLibrary
LoadLibraryExW
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
LeaveCriticalSection
GlobalAlloc
EnterCriticalSection
lstrlenW
GetModuleFileNameW
SetLastError
LockResource
InitializeCriticalSection
LoadResource
FindResourceW
InterlockedIncrement
DeleteCriticalSection
MulDiv
lstrcmpW
GetLastError
GlobalFree
GlobalHandle
InterlockedDecrement
GlobalUnlock
GetCurrentThreadId
CreateFileA
GetTempPathA
CreateDirectoryA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
SetThreadPriority
WaitForSingleObject
SetEvent
ResetEvent
GetEnvironmentStrings
CreateEventW
CloseHandle
CreateFileW
WriteFile
FlushInstructionCache
GetCurrentProcess
RaiseException
CompareFileTime

user32

DestroyMenu
TrackPopupMenu
GetActiveWindow
DialogBoxParamW
IsWindowVisible
GetWindowTextA
GetCursorPos
MsgWaitForMultipleObjects
PeekMessageW
IsDialogMessageW
DdeCreateStringHandleW
TranslateMessage
DispatchMessageW
CreatePopupMenu
LoadImageW
IsDlgButtonChecked
GetClassInfoExW
ReleaseDC
GetDlgItemTextW
RegisterClassExW
LoadCursorW
ClientToScreen
MessageBoxW
CharNextW
MoveWindow
InsertMenuW
GetSystemMenu
DestroyAcceleratorTable
EnableWindow
GetDesktopWindow
DdeConnect
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
DdeClientTransaction
DdeGetLastError
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
DdeInitializeW
GetSysColor
DialogBoxIndirectParamW
GetClassNameW
SetCapture
RegisterWindowMessageW
ReleaseCapture
IsChild
GetFocus
GetWindowTextLengthW
SetWindowContextHelpId
ShowWindow
PostMessageW
InvalidateRect
LoadStringW
RedrawWindow
FillRect
InvalidateRgn
SetCursor
CreateAcceleratorTableW
DestroyIcon
MapDialogRect
SetWindowPos
DrawTextW
SetDlgItemTextW
GetSystemMetrics
GetWindow
GetWindowTextW
SetWindowTextW
SetForegroundWindow
EndDialog
SetWindowLongW
SystemParametersInfoW
DestroyWindow
GetWindowRect
GetClientRect
GetWindowLongW
SendMessageW
ScreenToClient
DefWindowProcW
GetParent
CallWindowProcW
EndPaint
DrawIcon
BeginPaint
MapWindowPoints
CreateWindowExW
GetDlgItem
IsWindow
SetFocus
GetDC
CheckDlgButton
UnregisterClassA

gdi32

GetDeviceCaps
GetTextExtentPoint32W
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
DeleteDC
DeleteObject
GetStockObject
SelectObject

advapi32

RegQueryInfoKeyW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGetUserKey
CryptAcquireContextA
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptDestroyHash
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyW
RegSetValueW
CryptGetProvParam
CryptGenKey
CryptDeriveKey
CryptSetKeyParam
CryptImportKey
CryptGetKeyParam
CryptDecrypt

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHGetFileInfoW

ole32

CoCreateGuid
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree
CoGetClassObject
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
OleInitialize
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleUninitialize

oleaut32

LoadRegTypeLi
VarUI4FromStr
SysAllocString
SysStringByteLen
LoadTypeLi
OleCreateFontIndirect
VariantInit
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx

Sections

.text
Size: - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 320KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Infected!!

Password: Infected!!

48062f8b841bfe276557e45191f052fb

Headers

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: - Virtual size: 536KB

.rdata Size: 168KB - Virtual size: 164KB

.data Size: - Virtual size: 72KB

.rsrc Size: 24KB - Virtual size: 25KB

.pklstb Size: 320KB - Virtual size: 336KB

.relo2 Size: 4KB - Virtual size: 60B

.text
Size: - Virtual size: 536KB

.rdata
Size: 168KB - Virtual size: 164KB

.data
Size: - Virtual size: 72KB

.rsrc
Size: 24KB - Virtual size: 25KB

.pklstb
Size: 320KB - Virtual size: 336KB

.relo2
Size: 4KB - Virtual size: 60B