c0186[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0186.zip
Size

77KB
MD5

d5152b81982db63877cd4b97951947bb
SHA1

318293f469926dfab3faca4d5c0ac02afbb396fc
SHA256

d290c32e56135ad7d93eace8dc6d618db99d92b176114aa21ce3dd3d6e0bc7af
SHA512

413f35307df262cafda0ab05c96dd1dacbf9a7cfd9988283aa33b9f830ffe79f3c3a1838026da40a92e58337e172fb989ea6bfc61eeb00acd455597c22225437
SSDEEP

1536:N+nuUNSWfxrr0Jd5YkARZ3C1VGltuAKf0jY1EYUU0T4vcYdSKcs/:N+nuU0WASptF81VH0TKd+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bootkill32.exe

Files

c0186.zip
.zip

Password: infected
bootkill32.exe
.exe windows:4 windows x64 arch:x64

90228ed28c7734562c0118cd6f409c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\lenovo\code\64bitcode\bootkill\windows\trunk\x64\release\bootkill32.pdb

Imports

setupapi

SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

kernel32

Sleep
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileW
GetLastError
DeviceIoControl
CloseHandle
SetFilePointer
ReadFile
VirtualAlloc
WriteFile
VirtualFree
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
CreateFileA
ExitProcess
RtlVirtualUnwind
HeapSize
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
HeapReAlloc
LoadLibraryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

90228ed28c7734562c0118cd6f409c3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

Sections

.text Size: 117KB - Virtual size: 117KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 176B

.text
Size: 117KB - Virtual size: 117KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 176B