17884226338[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

17884226338.zip
Size

1.4MB
MD5

543cd5d72b65e112b1cf45d21b2d8d0e
SHA1

f770acb2f1b6a398688cb5b0e8755236de3bed74
SHA256

4befe7835edb80eb3358530947e4d55fd39adb96c7a12b0ac4e7a6359999a572
SHA512

a6d5f2a3eda088ea7d5bccdf3e1e3f64d1c06fb30b4f0d73213923da40ed8e1b9bb5bcc0f0aeeacb83067c7d4ca7343c0cf314ebd902dc0609f1e8aca888c2b4
SSDEEP

24576:IDlIkykyrI6Xz8YeUA3WoUGjaN1iZ2IOtrATnXs32Ua1KK9QZ9X/bq:IpIkykyrBz85J3WWA1i0hr4n889OPu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/91f40e8659da3dbbb22497b317aa37f26403be86662e359ecddcb4a0c72e154c

Files

17884226338.zip
.zip

Password: infected
91f40e8659da3dbbb22497b317aa37f26403be86662e359ecddcb4a0c72e154c
.dll regsvr32 windows:5 windows x86 arch:x86

Password: infected

78bc4d7502a410a29e78e2f413bcdc67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
GetFullPathNameA
FindFirstFileA
Process32FirstW
FormatMessageW
CreateProcessW
ResumeThread
WinExec
Process32NextW
GetCurrentThreadId
GetDriveTypeA
SetConsoleTextAttribute
GetProcessHeap
SetConsoleMode
ReadConsoleInputA
CreateThread
SetCurrentDirectoryW
ExitThread
CreatePipe
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
ProcessIdToSessionId
CreateConsoleScreenBuffer
GetStdHandle
DisconnectNamedPipe
GetStartupInfoW
MultiByteToWideChar
ReadFile
TerminateProcess
ReadConsoleOutputW
GetConsoleWindow
FreeConsole
WideCharToMultiByte
GetConsoleCP
GetTickCount
SetConsoleScreenBufferSize
WaitForSingleObject
SetConsoleActiveScreenBuffer
GetCurrentProcess
AllocConsole
PeekNamedPipe
WriteConsoleInputW
CloseHandle
lstrcpynW
Sleep
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
GetModuleHandleA
GetProcAddress
FileTimeToSystemTime
GetVersionExW
OpenProcess
ResetEvent
SetEvent
GetCurrentProcessId
GetModuleFileNameA
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCommandLineA
RaiseException
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleMode
InitializeCriticalSectionAndSpinCount
RtlUnwind
FreeLibrary
InterlockedExchange
LoadLibraryA
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
InitializeCriticalSection
InterlockedCompareExchange
CreateFileW
CreateEventW
GetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
GetSystemDirectoryW
GetLogicalDriveStringsW
SetThreadPriority
GetExitCodeThread
GetFileAttributesW
GetFileAttributesExW
SetFileTime
SetEndOfFile
SetFileAttributesW
CopyFileW
MoveFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
TryEnterCriticalSection
FindFirstFileW
FindClose
FindNextFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetVersionExA
GetSystemInfo
GetComputerNameW
GetExitCodeProcess
GetProcessTimes
DuplicateHandle
CreateMutexW
ReleaseMutex
WaitForMultipleObjects
GetModuleFileNameW
LocalFree
LocalAlloc
LoadLibraryW
GetVersion
GlobalMemoryStatus
FlushConsoleInputBuffer
GetLastError
WriteFile
CreateFileA

user32

GetDesktopWindow
GetUserObjectInformationW
wsprintfW
MoveWindow
IsWindowVisible
SetThreadDesktop
ShowWindow
CloseDesktop
GetProcessWindowStation
CreateWindowStationW
CloseWindowStation
GetThreadDesktop
GetWindowRect
SetProcessWindowStation
CreateDesktopW
MessageBoxA

advapi32

OpenSCManagerA
CryptDecrypt
CryptSetHashParam
OpenProcessToken
GetTokenInformation
LookupAccountSidA
CreateProcessAsUserW
InitializeSecurityDescriptor
SetTokenInformation
SetSecurityDescriptorDacl
LookupPrivilegeValueW
DuplicateTokenEx
RegisterEventSourceW
ReportEventW
ImpersonateLoggedOnUser
RevertToSelf
AdjustTokenPrivileges
LogonUserW
IsTextUnicode
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegQueryValueExW
CloseServiceHandle
CreateServiceW
DeleteService
QueryServiceStatus
StartServiceA
ControlService
ChangeServiceConfigA
OpenServiceW
QueryServiceConfigW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyA
RegEnumValueW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptDestroyKey
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDestroyHash
CryptSignHashA
RegCloseKey
RegOpenKeyExW
CryptCreateHash

ws2_32

getservbyname
ntohl
send
WSAStartup
gethostname
getnameinfo
getaddrinfo
freeaddrinfo
WSAAddressToStringA
inet_addr
htons
WSAGetLastError
gethostbyname
recv
sendto
recvfrom
WSASetLastError
select
getsockname
getpeername
setsockopt
getsockopt
socket
ioctlsocket
__WSAFDIsSet
accept
connect
bind
listen
closesocket
ntohs
shutdown
WSACleanup

iphlpapi

GetAdaptersInfo

httpapi

HttpSendResponseEntityBody
HttpSendHttpResponse
HttpRemoveUrl
HttpAddUrl
HttpReceiveHttpRequest
HttpTerminate
HttpCreateHttpHandle
HttpInitialize
HttpReceiveRequestEntityBody

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext

Exports

Exports

DllRegisterServer
Update

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 558KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

78bc4d7502a410a29e78e2f413bcdc67

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

httpapi

userenv

version

crypt32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 558KB - Virtual size: 557KB

.data Size: 72KB - Virtual size: 102KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 137KB - Virtual size: 136KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 558KB - Virtual size: 557KB

.data
Size: 72KB - Virtual size: 102KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 137KB - Virtual size: 136KB