80994b791b545ba6a8c906e046ab6ae79c5875a4f42da07085113b4b6f22f8ca[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

80994b791b545ba6a8c906e046ab6ae79c5875a4f42da07085113b4b6f22f8ca.zip
Size

293KB
MD5

cef2ba057f871a3e99ad4c66d6ebe75d
SHA1

5e56d7848a81d7316aeb0119fe1a0d83a0166057
SHA256

389135aa41b3717667167164659d6f27f99321c0171a7ca8d7dcb9d5c17b542d
SHA512

047e086bd66c7ebea072ed8cd8e6ca1f7e09be9e60a5a0e03d4ce0428d24a382c5285886bcd8024237502b421bac8b5d57f5854e344c3b989022e6afd456c7d5
SSDEEP

6144:CkIBnOcdwj6D5lcdZvERSJQT8xMg+lHTGjsxKdcGw29/vwUSCb:CXGj6t2/8088yHTmWKdcGRFb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/80994b791b545ba6a8c906e046ab6ae79c5875a4f42da07085113b4b6f22f8ca.exe

Files

80994b791b545ba6a8c906e046ab6ae79c5875a4f42da07085113b4b6f22f8ca.zip
.zip

Password: infected
80994b791b545ba6a8c906e046ab6ae79c5875a4f42da07085113b4b6f22f8ca.exe
.exe windows:6 windows x86 arch:x86

81b834f6f9db0b945bd836f537996a1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetClipBox

user32

PostQuitMessage

advapi32

CryptDecrypt

kernel32

HeapSize
CreateFileW
VirtualAlloc
WaitForSingleObject
GetModuleHandleA
FreeConsole
CreateThread
GetProcAddress
MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
GetCurrentThreadId
CloseHandle
WaitForSingleObjectEx
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
ReleaseSRWLockExclusive
WakeAllConditionVariable
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetProcessHeap
RaiseException
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 205KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

81b834f6f9db0b945bd836f537996a1f

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

advapi32

kernel32

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 205KB - Virtual size: 209KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 205KB - Virtual size: 209KB

.reloc
Size: 7KB - Virtual size: 7KB