Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc
Static task
static1
2 signatures
General
-
Target
Benefitplan_reward#5625425437.zip
-
Size
238KB
-
MD5
e4c18b151b3d99660966d5f507580092
-
SHA1
d43a3f3a4797a3031e28f0b6e6de9c266186a33c
-
SHA256
d8c7694a144460c46e044089acf300b15989b5a912fc08ba3b15cc7f00a57514
-
SHA512
f08b66a2c7d20f5c0e4dc9fb8b8dd05e103b154947bdde2510a32e2d8adc407dd19da8a0f5c5db7d34083e42640ea9ef90939bedc39f2aa7ef9852e93cad1c44
-
SSDEEP
6144:/SYOB+iQUs6/nrBePqAEe6M7HKPBfuoq45tuyVqf0YVfxqHyn:/SCi1sQrBePq82PpvXCyVtYhxqHyn
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/Benefitplan_reward#5625425437.com unpack002/$PLUGINSDIR/System.dll -
NSIS installer 2 IoCs
resource yara_rule static1/unpack001/Benefitplan_reward#5625425437.com nsis_installer_1 static1/unpack001/Benefitplan_reward#5625425437.com nsis_installer_2
Files
-
Benefitplan_reward#5625425437.zip.zip
Password: infected
-
Benefitplan_reward#5625425437.com.exe windows:4 windows x86 arch:x86
f10e4da994053bf80c20cee985b32e29
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA
shell32
SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ole32
IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree
comctl32
ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
user32
SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongA
GetWindowLongA
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard
gdi32
SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject
kernel32
GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
GetTempFileNameA
RemoveDirectoryA
WriteFile
CreateDirectoryA
GetLastError
CreateProcessA
GlobalLock
GlobalUnlock
CreateThread
lstrcpynA
SetErrorMode
GetDiskFreeSpaceA
lstrlenA
GetCommandLineA
GetVersionExA
GetWindowsDirectoryA
SetEnvironmentVariableA
GetTempPathA
CopyFileA
GetCurrentProcess
ExitProcess
GetModuleFileNameA
GetFileSize
ReadFile
GetTickCount
Sleep
CreateFileA
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 800KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 177KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/System.dll.dll windows:6 windows x86 arch:x86
595a3fd71239f605bb02d7a5e48fd4df
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalSize
GlobalFree
lstrcpynA
lstrcpyA
GetLastError
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 926B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Hexametrize.Plu
-
Homogene.Dia
-
Opinably.not
-
Puristical/Thaneland/vucoms.exh
-
Puristical/Thaneland/xylografens.int
-
Puristical/undertallet.hex
-
Unacrimoniously.blr
-
dom.txt
-
goosish.lim
-
hello.for
-
jargonal.erk
-
nrre.dad
-
pennae.bag
-
repraising.tel
-
skismatikeren.emb
-
sporskifterne.nab