05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd[.]zip[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd.zip.7z
Size

1.8MB
MD5

b0982a972e8fae2cff0d584c3406b8cf
SHA1

2b6a21586632c784e500f16184c34e6c37958c9d
SHA256

a80aa3390295e4d413c9eb0428187d77748bcbf57a77b710881bddd43d2b0bce
SHA512

0fcd15399b637a85be2ed069b77905d06bde9ece8480a893a5b2df819804046f9cb21460e5f2420967447ed249697e0cd9120ad9b2b3e47b5e029da10dab5bad
SSDEEP

49152:J3TDWP2HiNPtDv4hLkWGZ7wXw8nNwTA+7DwGgqu:J3L6PtJWGZEXpnNWwf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd

Files

05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd.zip.7z
.7z

Password: infected
05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd.zip
.zip

Password: infected
05fae4bef32daf78a8fa42f8c25fdf481f13dfbbbd3048e5b89190822bc470cd
.exe windows:5 windows x86 arch:x86

Password: infected

708e5311dc12717c7ed955009ec67e29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

VariantInit

advapi32

RegCreateKeyExW

user32

DefWindowProcW

kernel32

GetVersion
GetVersionExW
GetVersion
GetThreadLocale
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

msimg32

AlphaBlend

gdi32

GetCurrentPositionEx

version

GetFileVersionInfoW

ole32

OleInitialize

comctl32

ImageList_SetIconSize

winspool.drv

GetDefaultPrinterW

Sections

.text
Size: - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

708e5311dc12717c7ed955009ec67e29

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

msimg32

gdi32

version

ole32

comctl32

winspool.drv

Sections

.text Size: - Virtual size: 794KB

.itext Size: - Virtual size: 3KB

.data Size: - Virtual size: 10KB

.bss Size: - Virtual size: 23KB

.idata Size: - Virtual size: 12KB

.didata Size: - Virtual size: 806B

.tls Size: - Virtual size: 60B

.rdata Size: - Virtual size: 24B

.vmp0 Size: - Virtual size: 1.3MB

.vmp1 Size: 1.8MB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 136B

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: - Virtual size: 794KB

.itext
Size: - Virtual size: 3KB

.data
Size: - Virtual size: 10KB

.bss
Size: - Virtual size: 23KB

.idata
Size: - Virtual size: 12KB

.didata
Size: - Virtual size: 806B

.tls
Size: - Virtual size: 60B

.rdata
Size: - Virtual size: 24B

.vmp0
Size: - Virtual size: 1.3MB

.vmp1
Size: 1.8MB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 136B

.rsrc
Size: 5KB - Virtual size: 5KB