ap-file-vaultFile3774599164731940427[.]vol--1896620230[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ap-file-vaultFile3774599164731940427.vol--1896620230.zip
Size

209KB
MD5

09dbb165d4265479cf432119aad1aa70
SHA1

fa3088196adfc5b9c6ecc1360e659be349a60dd7
SHA256

bd536cd48a8a187bb6b9493430dda832f5ff36b221faba252f6e45358d549304
SHA512

720a96f05bc13c977c33ac75f9ed1f76d526c9f3503864bb74d88e4e8aea5a51726d4e4fb8a9ff422950ef9c6c5a75163c1cd8f6d238dcfe3d091a6840164fbd
SSDEEP

6144:RMvEGv9v/RxVGdFSbSTXMCh9Eq4bZSka0bBn:cDv/RiTSbSQCLEqp4B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/vaultFile3774599164731940427.vol

Files

ap-file-vaultFile3774599164731940427.vol--1896620230.zip
.zip

Password: cautionhandlewithcare
vaultFile3774599164731940427.vol
.exe windows:4 windows x86 arch:x86

Password: cautionhandlewithcare

219b1ac3660881c3bac149e5fad01af3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
WriteFile
MulDiv
WaitForSingleObject
CreateProcessA
SetFileAttributesA
SetFileTime
GetFileSize
CreateDirectoryA
GetTempFileNameA
GetTempPathA
GetModuleFileNameA
GetSystemInfo
VirtualProtect
FlushFileBuffers
SetFilePointer
SetEndOfFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
ReadFile
CreateFileA
GetLocaleInfoA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

GetDC
SetCursor
ReleaseDC
MessageBoxA
InvalidateRect
LoadCursorA
LoadBitmapA

gdi32

SelectObject
GetDeviceCaps
BitBlt
DeleteObject
DeleteDC
StretchBlt
CreateCompatibleDC

shlwapi

PathRemoveFileSpecA
PathCombineA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vaultFile3774599164731940427.vol.METADATA

Sharing

General

Malware Config

Signatures

Files

Password: cautionhandlewithcare

Password: cautionhandlewithcare

219b1ac3660881c3bac149e5fad01af3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 16KB - Virtual size: 12KB