513937eca95b5c969a67c9592045a66bfeedd732003832ea51a39d2e9e493480

Sharing

Copy URL

Twitter E-mail

General

Target

513937eca95b5c969a67c9592045a66bfeedd732003832ea51a39d2e9e493480
Size

114KB
MD5

55bbc2f9ef2df8f45e2019fc5ae8b578
SHA1

f7c0743a0b5c6db5ec21ad242c35c0fe9cb40043
SHA256

513937eca95b5c969a67c9592045a66bfeedd732003832ea51a39d2e9e493480
SHA512

a21a35874978166e18e0bcef76ab022ac41cc23f557cdc9dd90ce10596b0b6ac537c0d91d847a28be524988261d65d432595f646b39de79d9f154732d0cf6910
SSDEEP

3072:0qn9neAbRXrlpvEatMhWR1dBl1Y8zCV+7dox0SUDa:feAbR7jPt6SH19C0Gx/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/90152e847d02fe9ed6802bf437c89bbad41abfc0b9552c5c75f7432541e8e94b

Files

513937eca95b5c969a67c9592045a66bfeedd732003832ea51a39d2e9e493480
.zip

Password: infected
90152e847d02fe9ed6802bf437c89bbad41abfc0b9552c5c75f7432541e8e94b
.exe windows:6 windows x86 arch:x86

aa8cca7958ba8d33418f96f4c37e5874

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

RetrieveUrlCacheEntryFileA

rasapi32

RasEnumConnectionsW
RasGetSubEntryHandleA

secur32

GetUserNameExA

comdlg32

GetSaveFileNameW
PageSetupDlgW

kernel32

CreateJobObjectW
GetModuleHandleA
GetBinaryTypeA
BuildCommDCBAndTimeoutsA
InitializeSListHead
SetThreadLocale
LoadLibraryW
ReadFileEx
GetDiskFreeSpaceA
GetTimeZoneInformation
SetThreadExecutionState

rpcrt4

RpcBindingFromStringBindingA
RpcBindingInqAuthClientExW

cfgmgr32

CM_Get_Resource_Conflict_DetailsW

mprapi

MprAdminServerConnect

advapi32

QueryUsersOnEncryptedFile
AdjustTokenPrivileges
RegFlushKey

msvcrt

system
feof

imm32

ImmConfigureIMEW

oleaut32

SafeArrayGetLBound
SafeArrayLock

shell32

SHGetFileInfoA

ole32

CoRevertToSelf

shlwapi

UrlUnescapeA
PathIsRelativeA
SHSetValueA

winmm

waveInStop

user32

CheckMenuRadioItem
PackDDElParam
CreateIconIndirect

lz32

LZCopy

esent

JetRetrieveColumn

crypt32

CertRDNValueToStrW
CryptInstallOIDFunctionAddress
CertNameToStrW

Sections

.text
Size: 164KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

aa8cca7958ba8d33418f96f4c37e5874

Headers

DLL Characteristics

File Characteristics

Imports

wininet

rasapi32

secur32

comdlg32

kernel32

rpcrt4

cfgmgr32

mprapi

advapi32

msvcrt

imm32

oleaut32

shell32

ole32

shlwapi

winmm

user32

lz32

esent

crypt32

Sections

.text Size: 164KB - Virtual size: 165KB

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

DATA Size: 16KB - Virtual size: 15KB

.text
Size: 164KB - Virtual size: 165KB

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

DATA
Size: 16KB - Virtual size: 15KB