detenv.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 7f1815f19008718516b1ab4f4a1da5e32ea681f6af280b01666a362fe2d10f24.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 7f1815f19008718516b1ab4f4a1da5e32ea681f6af280b01666a362fe2d10f24.exe
Resource: win10v2004-20240611-en
General
- Target: 7f1815f19008718516b1ab4f4a1da5e32ea681f6af280b01666a362fe2d10f24.zip
- Size: 814KB
- MD5: 2034ee7509398e252ca8e6757cc55255
- SHA1: c35c8a8110ba159046c749abb3c4e025482bb5a4
- SHA256: 4e5e975a11793dc097cb6884843e9669f6668af6bae05afe3d55a00b3712d0b0
- SHA512: 52d016555ad753cad32ea6fef1b2747733fb6c676e0c9537c1dcc61dab9ac7e79bfa0dc53ca0330975957dd9fc68fe42cb46f98faeea9826da9cebfd1b495344
- SSDEEP: 12288:novudHtzOQjVRez3l7zGylhEjvKQNhnq+XMj2MdvCipp/8sw0K4ILCOvUACzfvZ:pZy9pUnNIhj266isaIOOsrLZ
Malware Config
Signatures
- Detect suspicious telegram bot (1 IoCs)
Detect suspicious telegram bot.
resource: static1/unpack001/7f1815f19008718516b1ab4f4a1da5e32ea681f6af280b01666a362fe2d10f24
yara_rule: suspicious_telegram_bot
- Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/7f1815f19008718516b1ab4f4a1da5e32ea681f6af280b01666a362fe2d10f24
Files
-
7f1815f19008718516b1ab4f4a1da5e32ea681f6af280b01666a362fe2d10f24.zip.zip
Password: infected
- 7f1815f19008718516b1ab4f4a1da5e32ea681f6af280b01666a362fe2d10f24.exe (windows:6, windows x64, arch:x64)
Password: infected
e524d755dd4016fb1c11b3f92e752850
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressAll
WakeByAddressSingle
secur32
AcceptSecurityContext
AcquireCredentialsHandleA
ApplyControlToken
DecryptMessage
DeleteSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
InitializeSecurityContextW
QueryContextAttributesW
kernel32
AddVectoredExceptionHandler
CloseHandle
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
FindClose
FindFirstFileW
FormatMessageW
GetComputerNameW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryA
MultiByteToWideChar
PostQueuedCompletionStatus
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetFileCompletionNotificationModes
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SwitchToThread
UnhandledExceptionFilter
WaitForSingleObject
WaitForSingleObjectEx
WriteConsoleW
lstrlenW
crypt32
CertAddCertificateContextToStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CertFreeCertificateContext
CertGetCertificateChain
CertOpenStore
CertVerifyCertificateChainPolicy
user32
EnumDisplayMonitors
GetSystemMetrics
iphlpapi
GetAdaptersInfo
advapi32
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
netapi32
NetApiBufferFree
NetShareEnum
ntdll
NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtWriteFile
RtlNtStatusToDosError
ws2_32
WSACleanup
WSAGetLastError
WSAIoctl
WSASend
WSASocketW
WSAStartup
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
recv
send
setsockopt
shutdown
winmm
waveOutGetNumDevs
vcruntime140
_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
memcmp
memcpy
memmove
memset
api-ms-win-crt-runtime-l1-1-0
__p___argc
__p___argv
_c_exit
_cexit
_configure_narrow_argv
_crt_atexit
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
terminate
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
api-ms-win-crt-string-l1-1-0
wcslen
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 617KB - Virtual size: 617KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 217B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ