bddefda7c9d705f11414bbc72df5180064a9c8202e6ec4a6096ee202e34b8d35[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

bddefda7c9d705f11414bbc72df5180064a9c8202e6ec4a6096ee202e34b8d35.zip
Size

6.3MB
MD5

d71e9dad035bcf5a8d82aeab3533d88f
SHA1

72653d08dd983fc0911bae68f7be5aaebb04b5e5
SHA256

1d12d795d7ce8568af0a6c47b5e39d885383ec77fba93aed17bfc393f10770d1
SHA512

c1c32227f4af68c44a1f26e62d079c2b8ffa6d6e7a627b7d63da1b78e20ddbb5038e6751d46232ae492ddca01c7afeefd0b0a0719eca8c3d2a06a8db539b2edd
SSDEEP

196608:T9K25XfxuyPcgZxNvYViLxHABkNM9byg4:pJb1cwNYVa3M9bk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bddefda7c9d705f11414bbc72df5180064a9c8202e6ec4a6096ee202e34b8d35.exe

Files

bddefda7c9d705f11414bbc72df5180064a9c8202e6ec4a6096ee202e34b8d35.zip
.zip

Password: infected
bddefda7c9d705f11414bbc72df5180064a9c8202e6ec4a6096ee202e34b8d35.exe
.exe windows:4 windows x64 arch:x64

Password: infected

46bbb1dfc0a0dec864734db5b0a624d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptReleaseContext
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
SystemFunction036

bcrypt

BCryptGenRandom

kernel32

RaiseException
RtlUnwindEx
VirtualProtect
VirtualQuery
__C_specific_handler
AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AreFileApisANSI
CancelIo
CancelIoEx
CloseHandle
CompareStringOrdinal
ConnectNamedPipe
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLastError
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeInfo
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSection
InitializeProcThreadAttributeList
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetFileAttributesW
SetFileCompletionNotificationModes
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
UpdateProcThreadAttribute
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
log
pow

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_beginthreadex
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_endthreadex
_errno
_exit
_fpreset
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

memset
strcmp
strcspn
strlen
strncmp
strspn

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_localtime64
_tzset

api-ms-win-crt-utility-l1-1-0

qsort

crypt32

CertAddCertificateContextToStore
CertAddEncodedCTLToStore
CertAddEncodedCertificateToStore
CertCloseStore
CertCreateCTLEntryFromCertificateContextProperties
CertCreateCertificateContext
CertDeleteCertificateFromStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertOpenStore
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertVerifyTimeValidity
CryptAcquireCertificatePrivateKey
CryptBinaryToStringA
CryptDecodeObjectEx
CryptEncodeObjectEx
CryptHashCertificate
CryptMsgEncodeAndSignCTL
CryptStringToBinaryA
CryptUnprotectData
PFXExportCertStore
PFXImportCertStore

ncrypt

NCryptFreeObject

ntdll

NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError

secur32

AcceptSecurityContext
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSAIoctl
WSAPoll
WSARecv
WSARecvFrom
WSASend
WSASendMsg
WSASendTo
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512KB - Virtual size: 511KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 940B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 621KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 905KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/71
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/83
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/96
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/107
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/123
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/137
Size: 1024B - Virtual size: 631B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/153
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/169
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

46bbb1dfc0a0dec864734db5b0a624d7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

crypt32

ncrypt

ntdll

secur32

userenv

ws2_32

Sections

.text Size: 9.9MB - Virtual size: 9.9MB

.data Size: 41KB - Virtual size: 40KB

.rdata Size: 1.8MB - Virtual size: 1.8MB

/4 Size: 512B - Virtual size: 4B

.pdata Size: 512KB - Virtual size: 511KB

.xdata Size: 376KB - Virtual size: 376KB

.bss Size: - Virtual size: 940B

.idata Size: 13KB - Virtual size: 13KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 66KB - Virtual size: 65KB

/14 Size: 1024B - Virtual size: 672B

/29 Size: 621KB - Virtual size: 620KB

/45 Size: 905KB - Virtual size: 904KB

/57 Size: 5KB - Virtual size: 5KB

/71 Size: 365KB - Virtual size: 364KB

/83 Size: 1024B - Virtual size: 776B

/96 Size: 1.3MB - Virtual size: 1.3MB

/107 Size: 512B - Virtual size: 324B

/123 Size: 571KB - Virtual size: 570KB

/137 Size: 1024B - Virtual size: 631B

/153 Size: 1KB - Virtual size: 1KB

/169 Size: 512B - Virtual size: 94B

.text
Size: 9.9MB - Virtual size: 9.9MB

.data
Size: 41KB - Virtual size: 40KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

/4
Size: 512B - Virtual size: 4B

.pdata
Size: 512KB - Virtual size: 511KB

.xdata
Size: 376KB - Virtual size: 376KB

.bss
Size: - Virtual size: 940B

.idata
Size: 13KB - Virtual size: 13KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 66KB - Virtual size: 65KB

/14
Size: 1024B - Virtual size: 672B

/29
Size: 621KB - Virtual size: 620KB

/45
Size: 905KB - Virtual size: 904KB

/57
Size: 5KB - Virtual size: 5KB

/71
Size: 365KB - Virtual size: 364KB

/83
Size: 1024B - Virtual size: 776B

/96
Size: 1.3MB - Virtual size: 1.3MB

/107
Size: 512B - Virtual size: 324B

/123
Size: 571KB - Virtual size: 570KB

/137
Size: 1024B - Virtual size: 631B

/153
Size: 1KB - Virtual size: 1KB

/169
Size: 512B - Virtual size: 94B