BadApple!![.]zip

Sharing

Copy URL Twitter E-mail

General

Target

BadApple!!.zip
Size

3.2MB
MD5

f35489ab6bb7d0359d61cd05364d2120
SHA1

2c993280cb86d07d3a8b2fc48ee2913c07279c94
SHA256

3cce81e6437f5cfd2aa511cdfee585c5ef60b4276cda9be6a548042e7dfa81c2
SHA512

3b805269d3f69e5a163e0be40f67ad7147e2fc5a5162ff4a2a5be101da204db7cc4746e0f8ed5b06b871682316fbf6d9bb3786fbb6f5263b9d4b508925e95adf
SSDEEP

98304:tnJ+ZT316/pzFwJnexQ7cxFkuFo264ef7p43h:tnAZr16/xOMxTho2vUpch

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BadApple!!.scr

Files

BadApple!!.zip
.zip
BadApple!!.scr
.exe windows:5 windows x86 arch:x86

ff3e36fb7d3b576662a58554d370f520

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\w\ssaver1\Release\MinScr.pdb

Imports

comctl32

InitCommonControlsEx

kernel32

OutputDebugStringW
LCMapStringW
RtlUnwind
HeapReAlloc
LoadLibraryExW
FlushFileBuffers
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
GetCommandLineA
GetSystemTimeAsFileTime
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
WriteFile
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetStdHandle
GetProcessHeap
HeapAlloc
RaiseException
HeapFree
HeapSize
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
CreateFileW

user32

RegisterClassA
LoadCursorA
GetSystemMetrics
SystemParametersInfoA
DispatchMessageA
PostMessageA
GetSysColorBrush
GetCursorPos
GetSysColor
DefWindowProcA
ReleaseDC
CreateWindowExA
GetWindowLongA
InvalidateRect
SetWindowLongA
GetWindowTextA
TranslateMessage
GetDC
BeginPaint
SendMessageA
GetClientRect
LoadBitmapA
KillTimer
FillRect
EndPaint
DestroyWindow
SetCursor
GetMessageA
EnumDisplayMonitors
GetClassNameA
SetTimer
GetWindowRect
PostQuitMessage

gdi32

BitBlt
DeleteDC
StretchBlt
SetPixel
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA

gdiplus

GdiplusShutdown
GdipDeleteBrush
GdipFree
GdipDeletePen
GdipResetPath
GdipCloneBrush
GdipDrawPath
GdipDeleteGraphics
GdipAddPathBezierI
GdipSetWorldTransform
GdipGraphicsClear
GdipSetSmoothingMode
GdipClosePathFigure
GdipAddPathLineI
GdipCreateSolidFill
GdipAlloc
GdipCreateMatrix2
GdipDeletePath
GdipCreateFromHDC
GdipFillPath
GdipDeleteMatrix
GdipCreatePath
GdipCreatePen1
GdiplusStartup

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff3e36fb7d3b576662a58554d370f520

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

gdiplus

Sections

.text Size: 61KB - Virtual size: 61KB

.rdata Size: 3.2MB - Virtual size: 3.2MB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 61KB - Virtual size: 61KB

.rdata
Size: 3.2MB - Virtual size: 3.2MB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 5KB