ap-file-rundll32[.]exe--288345959[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ap-file-rundll32.exe--288345959.zip
Size

30KB
MD5

2c542ffb941f5518116a130db7e0993a
SHA1

0b2f0f9cb7344992e3c6f3592b0c47f9f592d601
SHA256

89bbe958a59435388e4e9d986e95dff0dbbd65e3e04f02b204d22d07cb1da606
SHA512

8229ec1a8be83c2fe8952cd0c113a4cfd6bde2eedb009e5ecb6b154e1215ba4f9c47e546010f7734edac754bc7b033202dfd32f845cf69b8067b7db5d6d770e4
SSDEEP

768:o0UMP86S6SCu8QqhoKwpQ+PbOY1AVJ6G10EWuNPuDg:oqP9zQqhoHFbOLJ6WNmE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rundll32.exe

Files

ap-file-rundll32.exe--288345959.zip
.zip

Password: cautionhandlewithcare
rundll32.exe
.exe windows:10 windows x64 arch:x64

Password: cautionhandlewithcare

4db27267734d1576d75c991dc70f68ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

rundll32.pdb

Imports

msvcrt

_commode
__CxxFrameHandler3
_amsg_exit
_vsnwprintf
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
_fmode
__wgetmainargs
__set_app_type
exit
_wcmdln
_initterm
__setusermatherr
_cexit
_lock
_exit
_XcptFilter
free
_purecall
_wtoi
memcpy_s
__C_specific_handler
_callnewh
malloc
memset

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CLSIDFromString
CoCreateInstance
CoInitializeEx
CoRevokeClassObject
CoUninitialize
CoWaitForMultipleHandles
CoInitializeSecurity

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
SetFilePointer
GetFileAttributesW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
LoadStringW
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-wow64-l1-1-1

GetSystemWow64Directory2W
IsWow64Process2

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
CreateEventW
CreateMutexExW
ReleaseSemaphore
ReleaseSRWLockShared
WaitForSingleObject
OpenSemaphoreW
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateSemaphoreExW
ReleaseMutex
SetEvent

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SearchPathW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
ExitProcess
CreateProcessW
TerminateProcess
GetStartupInfoW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-error-l1-1-0

RoOriginateErrorW
RoOriginateError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-console-l1-2-0

FreeConsole
AttachConsole

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-console-l1-1-0

WriteConsoleW

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-kernel32-private-l1-1-0

Wow64EnableWow64FsRedirection

api-ms-win-core-sidebyside-l1-1-0

QueryActCtxW
ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx

api-ms-win-downlevel-shlwapi-l1-1-0

PathIsRelativeW

api-ms-win-downlevel-shlwapi-l2-1-0

SHSetThreadRef

imagehlp

ImageDirectoryEntryToData

ntdll

NtClose
NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
RtlSetSearchPathMode
RtlWow64IsWowGuestMachineSupported
RtlImageNtHeader
NtQuerySystemInformation
NtSetInformationToken

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rundll32.exe.METADATA

Sharing

General

Malware Config

Signatures

Files

Password: cautionhandlewithcare

Password: cautionhandlewithcare

4db27267734d1576d75c991dc70f68ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-console-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-kernel32-private-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-downlevel-shlwapi-l1-1-0

api-ms-win-downlevel-shlwapi-l2-1-0

imagehlp

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 264B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 256B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 264B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 256B