Kiddoins-menu-v1[.]0[.]0-799710[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Kiddoins-menu-v1.0.0-799710.zip
Size

20.2MB
MD5

656ead3a6e6bdf0096999a394358df22
SHA1

37b394e48f590afee7e35bccf18e3f03f9b32a43
SHA256

fb4221b99a21312a47c37d27cf9c24ec2b7d1dec2099ee8baa7aabc17075cdb6
SHA512

e160c585241b2cfaee6bb5c0fedcafe8ace4b0b3105c040ba8cb89e20d85471b65c497f7ad49eeb2efb25a536857afd42b6b0866204d731e9fceebe0f16b9005
SSDEEP

393216:cHQ2mN0d1suygoNVVstkYJ5898zf2sK21PTGfFysi1DKpLvRnB7:cHQn0dRMNVVUkl98L2sK2BKf4AZnB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setupprogram_01234.exe

Files

Kiddoins-menu-v1.0.0-799710.zip
.zip

Password: infected
Setupprogram_01234.exe
.exe windows:6 windows x86 arch:x86

Password: infected

f965494e3dbcc5d1352bcefcd5609d36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetStringTypeW
IsValidCodePage
MoveFileW
ReleaseSRWLockExclusive
TlsGetValue
FreeEnvironmentStringsW
LCMapStringW
QueryPerformanceFrequency
EnterCriticalSection
HeapAlloc
HeapSize
InitializeCriticalSectionEx
GetTickCount64
SetEvent
LoadLibraryExW
GlobalFree
VerSetConditionMask
CreateEventA
GetCPInfo
LCMapStringEx
GetEnvironmentStringsW
CreateThread
FormatMessageA
GetACP
GetModuleHandleW
VirtualFree
TlsFree
TlsSetValue
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
ReadConsoleW
GlobalAlloc
EncodePointer
GetSystemDirectoryW
GetTickCount
GetFileSizeEx
SetStdHandle
GetFileSize
GetStartupInfoW
TlsAlloc
GetLocaleInfoW
CloseHandle
GetLastError
GetFileInformationByHandle
CreateSemaphoreA
GetVersionExA
SetFilePointerEx
LoadLibraryA
GetLogicalDriveStringsW
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
RemoveDirectoryA
FindClose
InitializeCriticalSection
HeapReAlloc
HeapFree
InitializeCriticalSectionAndSpinCount
WriteConsoleW
WriteFile
SetPriorityClass
MultiByteToWideChar
SetFileAttributesA
CompareStringW
ReadFile
SetLastError
GetVersion
WaitForSingleObjectEx
DecodePointer
AreFileApisANSI
LeaveCriticalSection
RemoveDirectoryW
CreateDirectoryW
GetConsoleMode
GetFileAttributesExW
GetCurrentProcess
GetConsoleCP
SetFileTime
DeleteCriticalSection
GetProcessAffinityMask
GetDateFormatW
LoadLibraryW
SleepEx
GetTimeZoneInformation
VerifyVersionInfoW
lstrlenA
GetCurrentDirectoryA
MoveFileA
FindFirstFileExA
PeekNamedPipe
WaitForMultipleObjects
RtlUnwind
Sleep
FindNextFileW
UnhandledExceptionFilter
GetStdHandle
GetModuleHandleExW
EnumSystemLocalesW
GetModuleHandleA
IsValidLocale
GetCurrentDirectoryW
lstrcatA
SetEndOfFile
GlobalLock
DeleteFileA
SetFilePointer
GetProcAddress
GetFileAttributesA
GetCurrentThreadId
GetModuleFileNameW
GetSystemInfo
SetFileAttributesW
CompareFileTime
ResetEvent
TerminateProcess
FreeLibraryAndExitThread
GetFileType
GetDriveTypeW
FindFirstFileW
CreateFileW
IsDebuggerPresent
GetFullPathNameW
GetEnvironmentVariableA
WideCharToMultiByte
ExitProcess
InitializeSListHead
FindFirstFileA
GetUserDefaultLCID
WaitForSingleObject
GetLogicalDriveStringsA
QueryPerformanceCounter
AcquireSRWLockExclusive
CreateFileA
ExitThread
GetSystemTimeAsFileTime
DeleteFileW
FormatMessageW
IsProcessorFeaturePresent
GetTimeFormatW
FileTimeToLocalFileTime
RaiseException
FindNextFileA
ReleaseSemaphore
LocalFree
FlushFileBuffers
CreateDirectoryA
GetOEMCP
GetModuleFileNameA
SetUnhandledExceptionFilter
SetEnvironmentVariableA
MoveFileExW
VirtualAlloc
GlobalUnlock
GetFileAttributesW
GetCommandLineW

user32

CloseClipboard
GetMonitorInfoA
MessageBoxA
MonitorFromWindow
OpenClipboard
GetParent
SystemParametersInfoA
CharUpperA
MapDialogRect
SendMessageW
GetDlgItem
ShowWindow
InvalidateRect
MessageBoxW
SendMessageA
EndDialog
DialogBoxParamW
GetWindowTextLengthW
SetWindowTextA
PostMessageA
SetWindowTextW
GetWindowTextA
MoveWindow
KillTimer
SetCursor
ScreenToClient
GetWindowTextLengthA
LoadIconA
LoadStringA
SetTimer
SetWindowLongA
DialogBoxParamA
LoadCursorA
wsprintfA
LoadStringW
SetFocus
GetWindowRect
GetKeyState
IsDlgButtonChecked
SetClipboardData
EnableWindow
GetWindowTextW
CharUpperW
CheckDlgButton
GetWindowLongA
EmptyClipboard
GetFocus

advapi32

CryptGetHashParam
CryptAcquireContextW
CloseServiceHandle
CryptDestroyHash
CryptImportKey
CryptHashData
CryptCreateHash
CryptEncrypt
CryptDestroyKey
CryptReleaseContext

shell32

SHGetSpecialFolderPathW
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

CoInitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
VariantClear
SysFreeString

bcrypt

BCryptGenRandom

crypt32

CertCreateCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
PFXImportCertStore
CryptDecodeObjectEx
CertOpenStore
CertGetNameStringW
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptStringToBinaryW
CertFindExtension

wldap32

ord219
ord145
ord216
ord142
ord41
ord14
ord147
ord79
ord27
ord167
ord208
ord73
ord133
ord127
ord301
ord117
ord46
ord26

ws2_32

recvfrom
listen
accept
htonl
WSACloseEvent
getaddrinfo
ioctlsocket
gethostname
sendto
WSAStartup
WSACleanup
WSACreateEvent
getsockopt
WSAIoctl
send
WSAEnumNetworkEvents
WSAResetEvent
WSAEventSelect
freeaddrinfo
ntohs
WSASetLastError
WSAGetLastError
closesocket
setsockopt
WSAWaitForMultipleEvents
htons
socket
select
__WSAFDIsSet
recv
connect
getsockname
getpeername
bind

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f965494e3dbcc5d1352bcefcd5609d36

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 251KB - Virtual size: 250KB

.data Size: 8KB - Virtual size: 28KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 89KB - Virtual size: 89KB

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 251KB - Virtual size: 250KB

.data
Size: 8KB - Virtual size: 28KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 89KB - Virtual size: 89KB