90a075e9b5d52e8df8e1f90aad0cb2b7dd7a4a022c8dfb7c21184dcd3ac02f1c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

90a075e9b5d52e8df8e1f90aad0cb2b7dd7a4a022c8dfb7c21184dcd3ac02f1c.zip
Size

203KB
MD5

d19f0622e2bd488fc83b03edbdfd78ab
SHA1

83a91abadf5cc207897ce21bc21f86a3560969e4
SHA256

3284f32a3942b31eeb8349505736e154f42ccc91343d58eca806a2c11a78b35b
SHA512

fd79a4755d0e433e8717879614ae5f00db102e715fad812a840ec2588f0ac2af1892fd9b1bf764dbb2e9a3158e3710061311e3c92c8df0357adee5b02d1c0abc
SSDEEP

6144:6Z1AJuQdhboZlWkEnvfsIq/lLmfbuFgsa:eauQdhboZlWkkfsIolLmfSyf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/90a075e9b5d52e8df8e1f90aad0cb2b7dd7a4a022c8dfb7c21184dcd3ac02f1c

Files

90a075e9b5d52e8df8e1f90aad0cb2b7dd7a4a022c8dfb7c21184dcd3ac02f1c.zip
.zip

Password: infected
90a075e9b5d52e8df8e1f90aad0cb2b7dd7a4a022c8dfb7c21184dcd3ac02f1c
.dll regsvr32 windows:6 windows x64 arch:x64

4cf1d261f361f561f2cc103c6671d6fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MoveFileW
SwitchToThread
GetTickCount
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
CloseHandle
WriteFile
UnmapViewOfFile
GetLocalTime
SystemTimeToFileTime
WideCharToMultiByte
VirtualProtect
LoadLibraryW
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
CreateEventW
SetEvent
InitializeCriticalSectionEx
GetLastError
RaiseException
DeleteCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetFilePointerEx
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
MultiByteToWideChar
GetFileType
GetStdHandle
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetModuleFileNameW
GetModuleHandleExW
IsDebuggerPresent
OutputDebugStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
SetFileAttributesW
ExitProcess

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipGetImageEncoders
GdipGetEncoderParameterListSize
GdipCloneImage
GdipDrawImageRectRect
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdiplusStartup
GdipGetEncoderParameterList

ws2_32

shutdown

Exports

Exports

?RdvServiceMain@@YAXPEAX0K0K@Z
DllRegisterServer
DllUnregisterServer
VssServiceMain

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4cf1d261f361f561f2cc103c6671d6fe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

gdiplus

ws2_32

Exports

Exports

Sections

.text Size: 321KB - Virtual size: 321KB

.rdata Size: 74KB - Virtual size: 73KB

.data Size: 3KB - Virtual size: 4.1MB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 321KB - Virtual size: 321KB

.rdata
Size: 74KB - Virtual size: 73KB

.data
Size: 3KB - Virtual size: 4.1MB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB