my_program.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ce9a75138eb6ab2cdd0ea6658fc15b7ac454a7d08a6f7c33f298e46725cb7d16.exe
Resource: win10v2004-20240508-en
General
Target: 17682928456.zip
Size: 1.5MB
MD5: f881a2e286cf1527c81d9f9bd4e0dbc4
SHA1: 04ada4976194e06cdc2994f1d2175f8f91719869
SHA256: b6357a4ec36cf435bf9c0a0dc22529fe92e236b6440c7054e3c765037ee1a48f
SHA512: 1974291d3609a3012cd147bf1498a7a91f2550a012928f7c3f0c98f930b1bbd6b5037d37befe34c811928a4f6aed5149dafb167fe5e13045d8cc44099f4d170c
SSDEEP: 49152:1yZEseBGJCLFh8e1lySjp5zQ1+3Y6OqIdP0:ULeBDZR1ly+1X3Y6zM8
Note: the hashes above are those of the submitted archive (the Target, 17682928456.zip), not of the extracted .exe that the static and behavioral tasks ran on; the executable's own hashes are listed under Files.
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/ce9a75138eb6ab2cdd0ea6658fc15b7ac454a7d08a6f7c33f298e46725cb7d16
Files
17682928456.zip.zip
Password: infected
ce9a75138eb6ab2cdd0ea6658fc15b7ac454a7d08a6f7c33f298e46725cb7d16.exe (windows:6 windows x64 arch:x64)
Password: infected
MD5: 3d17aef35c8dba81aabeac4a89946b93
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WakeByAddressAll
WakeByAddressSingle
WaitOnAddress
kernel32
GetACP
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
OutputDebugStringW
SetHandleInformation
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
PostQueuedCompletionStatus
TlsFree
TlsSetValue
CreateIoCompletionPort
TlsGetValue
GetQueuedCompletionStatusEx
TlsAlloc
ReadFile
GetOverlappedResult
WriteFile
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetOEMCP
EnterCriticalSection
GetCurrentThreadId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
EncodePointer
GetSystemTimeAsFileTime
CreateFileA
GetLastError
CancelIo
SleepEx
CreateEventA
WaitNamedPipeA
GetSystemInfo
DuplicateHandle
GetCurrentProcess
GetCPInfo
SetStdHandle
GetStringTypeW
HeapSize
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
FreeConsole
GetTimeZoneInformationForYear
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
UnhandledExceptionFilter
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
SetEndOfFile
GetStdHandle
GetCurrentProcessId
WriteFileEx
GetExitCodeProcess
TerminateProcess
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapFree
LeaveCriticalSection
HeapReAlloc
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CreateEventW
CloseHandle
CreateMutexA
GetConsoleMode
GetFileType
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateNamedPipeW
ReadFileEx
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetCurrentThread
GetFullPathNameW
WaitForSingleObjectEx
LoadLibraryA
ws2_32
WSAGetLastError
closesocket
getaddrinfo
WSAStartup
setsockopt
WSASend
recv
shutdown
getsockopt
ioctlsocket
connect
bind
WSASocketW
getpeername
getsockname
WSACleanup
select
send
WSAIoctl
freeaddrinfo
secur32
FreeCredentialsHandle
QueryContextAttributesW
AcquireCredentialsHandleA
DeleteSecurityContext
ApplyControlToken
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
FreeContextBuffer
DecryptMessage
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
crypt32
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateChain
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CryptDecodeObjectEx
CertDuplicateStore
ntdll
RtlNtStatusToDosError
NtReadFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
user32
SendMessageA
FindWindowA
bcrypt
BCryptCreateHash
BCryptSignHash
BCryptDestroyHash
BCryptDestroyKey
BCryptSecretAgreement
BCryptDeriveKey
BCryptFinishHash
BCryptVerifySignature
BCryptHashData
BCryptFinalizeKeyPair
BCryptImportKeyPair
BCryptImportKey
BCryptExportKey
BCryptDecrypt
BCryptEncrypt
BCryptGenerateKeyPair
BCryptCloseAlgorithmProvider
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroySecret
BCryptGenRandom
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 23KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
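The "Unsigned PE" signature, the DLL/File Characteristics under Headers and the per-section flags under Sections are all read straight from the PE headers, and a practitioner reproducing the sandbox's static pass wants to see exactly which bytes those facts come from. The following is an added example (not the sandbox's own code and not the report's sample): it builds a constructed, header-only PE32+ image whose flags mirror the report, then parses it the way a static-analysis pass would, decoding IMAGE_FILE_* and IMAGE_DLLCHARACTERISTICS_* bits, checking the security data directory (index 4) for an attached Authenticode WIN_CERTIFICATE, and flagging any section that is both writable and executable. The `build_pe`/`triage_pe` names, the section names in the second constructed image (`.stub0`) and the flag tables are assumptions of this example; the report lists no W+X section and that case is included only to show the check firing.

```python
"""Static PE header triage: decode header flags, check for an Authenticode
signature and flag W+X sections. Added example; the images built here are
constructed test input, not the sample from the report."""
import struct

IMAGE_FILE_FLAGS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
                    0x2000: "IMAGE_FILE_DLL"}
DLL_CHAR_FLAGS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                  0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                  0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
                  0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                  0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                  0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE",
             0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE",
             0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the WIN_CERTIFICATE


def decode(flags, table):
    """Names of the bits set in `flags`, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if flags & bit]


def triage_pe(data):
    """Parse PE32/PE32+ headers and return what a static pass reports:
    architecture, file/DLL characteristics, Authenticode presence and
    section flags, with writable+executable sections called out."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:      # PE32+: NumberOfRvaAndSizes at +108
        arch, dd_count_off = "x64", 108
    elif magic == 0x10B:    # PE32:  NumberOfRvaAndSizes at +92
        arch, dd_count_off = "x86", 92
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    dd_count = struct.unpack_from("<I", data, opt + dd_count_off)[0]
    dd_base = opt + dd_count_off + 4
    signed = False
    if dd_count > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # The security entry is a raw file offset, not an RVA. A non-empty entry
        # only means a certificate blob is attached; it says nothing about validity.
        sec_off, sec_size = struct.unpack_from("<II", data, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        signed = sec_off != 0 and sec_size != 0
    sections, wx = [], []
    sh = opt + opt_size  # section table follows the optional header
    for i in range(nsections):
        raw = struct.unpack_from("<8sIIIIIIHHI", data, sh + 40 * i)
        name = raw[0].rstrip(b"\0").decode("ascii", "replace")
        chars = raw[9]
        sections.append((name, raw[1], raw[2], decode(chars, SCN_FLAGS)))
        if chars & 0x20000000 and chars & 0x80000000:
            wx.append(name)  # W+X: typical of unpacking stubs / self-modifying code
    return {"arch": arch, "machine": machine,
            "file_characteristics": decode(file_chars, IMAGE_FILE_FLAGS),
            "dll_characteristics": decode(dll_chars, DLL_CHAR_FLAGS),
            "authenticode_present": signed,
            "sections": sections, "wx_sections": wx}


def build_pe(dll_chars, file_chars, sections, cert_size=0):
    """Construct a minimal header-only PE32+ image (constructed test input).
    `sections` is a list of (name, rva, virtual_size, characteristics)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)
    opt_size = 240  # PE32+ optional header with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 108, 16)
    if cert_size:  # pretend a WIN_CERTIFICATE sits at file offset 0x1000
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, cert_size)
    shdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, rva, vs, 0, 0, 0, 0, 0, c)
                     for n, rva, vs, c in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + shdrs


# Constructed image whose flags mirror the report: x64, HIGH_ENTROPY_VA |
# DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, no certificate, R+X .text.
SAMPLE = build_pe(dll_chars=0x0020 | 0x0040 | 0x0100 | 0x8000,
                  file_chars=0x0002 | 0x0020,
                  sections=[(".text", 0x1000, 0x200000, 0x20 | 0x20000000 | 0x40000000),
                            (".data", 0x201000, 0x5000, 0x40 | 0x40000000 | 0x80000000)])
# Constructed counter-example (hypothetical ".stub0"): a signed image with a W+X section.
PACKED = build_pe(dll_chars=0x0100, file_chars=0x0002,
                  sections=[(".stub0", 0x1000, 0x10000, 0x20000000 | 0x40000000 | 0x80000000)],
                  cert_size=0x800)

if __name__ == "__main__":
    for label, img in (("sample-like", SAMPLE), ("packed-like", PACKED)):
        print(label, triage_pe(img))
```

The Authenticode check here is only the presence test the "Unsigned PE" signature performs; whether an attached certificate actually chains to a trusted root is a separate step (on Windows, `Get-AuthenticodeSignature` or WinVerifyTrust), and an attached but invalid signature still counts as "present" for this check.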