acfe35fbc39418fdd1bf10122f8a4e65dca7c035984856499b1ab18277a8c6a7

Sharing

Copy URL

Twitter E-mail

General

Target

acfe35fbc39418fdd1bf10122f8a4e65dca7c035984856499b1ab18277a8c6a7
Size

103KB
MD5

5bb8150332d3b8c2137b3701a0eb183e
SHA1

bfc9754e4ef24fb86550c06337a4a91b9c062caa
SHA256

acfe35fbc39418fdd1bf10122f8a4e65dca7c035984856499b1ab18277a8c6a7
SHA512

56a793713b2a3058e3e70f08593911d9d888d34fa6ccd1f6bbfaac6bab6d8dc59b5ef31dbd9949f2ecfac6edd32e94b31c9fa45c3946ec401a856e6ed45c8b50
SSDEEP

3072:fMOYKpcpSTPsLeL+4NKVviPsCgc8p9jL1HqUD:RpTa4Nsiju9jxKUD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/zzxcQbq

resource
unpack001/zzxcQbq

Files

acfe35fbc39418fdd1bf10122f8a4e65dca7c035984856499b1ab18277a8c6a7
.zip

Password: infected
zzxcQbq
.exe windows:5 windows x86 arch:x86

d840be6a308b3c50fd5fca5d8574d67e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

whWEHREHW##.pdb

Imports

version

GetFileVersionInfoSizeA

user32

DestroyAcceleratorTable
GetMenuBarInfo
DrawIcon
GetWindowPlacement
LockSetForegroundWindow
GetFocus
GetClipboardOwner
GetDesktopWindow
GetWindowWord
LoadIconA
GetWindowTextLengthW
ShowCursor
DdeDisconnectList
GetKeyboardLayoutNameA

gdi32

ExtEscape
GetMapMode

advapi32

GetWindowsAccountDomainSid
LogonUserW
DeleteService

kernel32

GetProfileSectionA
GetFileAttributesW
LocalReAlloc
GlobalMemoryStatus
GetQueuedCompletionStatus
EnumSystemLocalesW
GetThreadSelectorEntry
Module32Next
GetCurrencyFormatA
lstrcmpW
EnumTimeFormatsA
GetBinaryTypeA
GetProfileIntW
GetThreadId
LockResource
GetDiskFreeSpaceW
lstrlenA
FindActCtxSectionGuid

rasapi32

RasRenameEntryA

ws2_32

socket

winspool.drv

GetPrinterW

secur32

DeleteSecurityContext

msi

ord30
ord29

oleaut32

VarCyCmp

msvcrt

ungetwc

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d840be6a308b3c50fd5fca5d8574d67e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

user32

gdi32

advapi32

kernel32

rasapi32

ws2_32

winspool.drv

secur32

msi

oleaut32

msvcrt

Sections

.text Size: 113KB - Virtual size: 112KB

.data Size: 22KB - Virtual size: 27KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 113KB - Virtual size: 112KB

.data
Size: 22KB - Virtual size: 27KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 2KB