samples[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

samples.zip
Size

254KB
MD5

6694cba3bba1098ad9347c5e8ea6c49f
SHA1

8e51bad6b888c2e33354bd77d6772041ecbe03ef
SHA256

78ffb8426b47cac183d50f6ae9ac80525d4f316ccf46bcd9d181d1459138a471
SHA512

b31be005a3b76fc4401759a3e6192bea24d94c9c162dcaed5d41e86c9db59976bb7d608d030b7696d7251920bf3715a0071cf9a1fb14c2454b4e041ccd34a203
SSDEEP

6144:ZSZN8miF7hDWfD8h4MYiaMEmyIRAugU1Tagi6mOosss7pn:ZSDJD7MYiaMEoJgMpn3os/pn

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/00043dfa22ecfa878b76ad185f091123430dbbc1610140b28ff9036e4a7b53b5
unpack001/003baf8fb85ce28e21505c8a72d76c67f6aa2b107bae82662d1b56f68198ceb6

Files

samples.zip
.zip

Password: infected2024!
00043dfa22ecfa878b76ad185f091123430dbbc1610140b28ff9036e4a7b53b5
.exe windows:5 windows x86 arch:x86

Password: infected2024!

1cc886f9c6a2b3ca910ec662922e811e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleA
SetDefaultCommConfigW
SetConsoleScreenBufferSize
SleepEx
GetModuleHandleW
GetProcessHeap
GetConsoleAliasesA
GetConsoleAliasesLengthA
ReadConsoleOutputA
EnumTimeFormatsW
ActivateActCtx
ReadProcessMemory
GetVersionExW
FindNextVolumeW
GetFileAttributesW
FileTimeToSystemTime
GetShortPathNameA
InterlockedExchange
GetCurrentDirectoryW
SetLastError
GetProcAddress
BuildCommDCBW
LoadLibraryA
UnhandledExceptionFilter
LocalAlloc
SetCalendarInfoW
FindNextChangeNotification
HeapLock
GetModuleFileNameA
SetConsoleTitleW
FreeEnvironmentStringsW
CompareStringA
DeleteCriticalSection
SetCalendarInfoA
InterlockedPushEntrySList
CommConfigDialogW
GetLastError
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapCreate
VirtualFree
VirtualAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
CreateFileA
CloseHandle

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
003baf8fb85ce28e21505c8a72d76c67f6aa2b107bae82662d1b56f68198ceb6
.exe windows:5 windows x86 arch:x86

Password: infected2024!

1a4eff9c4d3cb3a6772cfd44c9b889f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yexah lapada\rur\na.pdb

Imports

kernel32

LoadLibraryW
CallNamedPipeW
EnumSystemCodePagesW
EnumDateFormatsW
OpenMutexA
GetConsoleAliasesLengthW
AreFileApisANSI
EnumCalendarInfoExW
RequestWakeupLatency
GetConsoleAliasW
GetModuleHandleW
CreateDirectoryExW
GetLogicalDriveStringsA
ReadConsoleInputA
FindNextVolumeMountPointA
SearchPathA
MoveFileW
GetCurrentDirectoryW
GetSystemDirectoryW
CreateMailslotA
CommConfigDialogA
GetProcAddress
LoadLibraryA
LocalAlloc
GetCPInfoExA
FindResourceW
ContinueDebugEvent
InterlockedCompareExchange
FindFirstVolumeW
LocalFree
GlobalFlags
GetNumberOfConsoleMouseButtons
ActivateActCtx
SetConsoleCtrlHandler
PeekNamedPipe
FindNextVolumeW
FreeEnvironmentStringsW
GetConsoleTitleA
SetVolumeMountPointA
ClearCommError
lstrlenW
CreateDirectoryW
GlobalFindAtomA
OpenJobObjectA
CopyFileW
lstrcpynA
VerSetConditionMask
EnumSystemLocalesW
QueryDepthSList
WritePrivateProfileSectionA
GetStringTypeExA
OpenMutexW
DeactivateActCtx
WriteFile
ResetEvent
SetHandleCount
FindResourceA
GetConsoleAliasExesLengthA
MoveFileA
GetConsoleSelectionInfo
InterlockedDecrement
SetFileApisToANSI
GetModuleHandleA
GetTickCount
GetLastError
DeleteFileA
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapAlloc
HeapReAlloc
VirtualAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected2024!

Password: infected2024!

1cc886f9c6a2b3ca910ec662922e811e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 12KB - Virtual size: 27.3MB

.rsrc Size: 90KB - Virtual size: 90KB

Password: infected2024!

1a4eff9c4d3cb3a6772cfd44c9b889f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 54KB - Virtual size: 54KB

.data Size: 65KB - Virtual size: 223KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 12KB - Virtual size: 27.3MB

.rsrc
Size: 90KB - Virtual size: 90KB

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 65KB - Virtual size: 223KB

.rsrc
Size: 92KB - Virtual size: 92KB