140d04d3771711e1d5d7321055c58d38900ccc5d8edbb2329a9f515fecc25289[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

140d04d3771711e1d5d7321055c58d38900ccc5d8edbb2329a9f515fecc25289.zip
Size

128KB
MD5

13c0509e62e264bc37b1cae2702293ba
SHA1

2aae666bc5272c4a8b3ca98e24f7e9f11524edd4
SHA256

0abb055bb6edc59e285b9438ae97d1fe8e94b3466aec7abd3e8a5243781656cd
SHA512

449497bf5ae0c87e584d82d917e310edb7ae877bb6caf13394dc2d13cc2c0589bbd23eb8c3118f47646cd9b0ef365c053ad45fddda7e407ec9e175605002faa2
SSDEEP

1536:NNpP8pm1Jk7nvKTSXIA3JrbUihHI6cw0+8lnsgsjoD+vnDioJXUhGylroJlUSrX9:hZ1WyexbUzCy5jYoKvDioChxl+p84NP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C/ProgramData/Sentinel/AFUCache/140d04d3771711e1d5d7321055c58d38900ccc5d8edbb2329a9f515fecc25289

Files

140d04d3771711e1d5d7321055c58d38900ccc5d8edbb2329a9f515fecc25289.zip
.zip

Password: S1BinaryVault
C/ProgramData/Sentinel/AFUCache/140d04d3771711e1d5d7321055c58d38900ccc5d8edbb2329a9f515fecc25289
.exe windows:5 windows x86 arch:x86

Password: S1BinaryVault

360c17d3bd154e5b158957596a13907c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projets\vbsedit_source\script2exe\Release\mywscript.pdb

Imports

kernel32

GetFileAttributesW
GetFileSizeEx
GetFileTime
GetStartupInfoW
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
GetModuleHandleA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
GetCurrentProcessId
SetErrorMode
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
InterlockedIncrement
lstrlenA
lstrcmpA
CloseHandle
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeLibrary
InterlockedDecrement
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
WideCharToMultiByte
WriteConsoleW
ExitProcess
GetModuleFileNameW
ExpandEnvironmentStringsW
GetStdHandle
Sleep
GetModuleHandleW
GetCommandLineW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
GetTickCount
SizeofResource

user32

CharUpperW
SetCursor
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ClientToScreen
DestroyMenu
ShowWindow
SetWindowTextW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
GetWindowThreadProcessId
IsWindowEnabled
PostQuitMessage
SetMenuItemBitmaps
LoadBitmapW
ModifyMenuW
CheckMenuItem
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
MessageBoxW
GetActiveWindow
GetSubMenu
GetKeyState
SetMenu
EnableWindow
SetForegroundWindow
IsWindowVisible
GetClientRect
PostMessageW
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
SetWindowLongW
GetWindowLongW
GetMenu
PtInRect
CopyRect
CallWindowProcW
DefWindowProcW
SendMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
GetDlgCtrlID
EnableMenuItem

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
ExtTextOutW
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
PtVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

ole32

CoDisconnectObject
StringFromGUID2
CoGetObject
CoCreateInstance
CLSIDFromProgID
CoInitialize

oleaut32

SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocStringLen
VariantChangeType
LoadTypeLibEx
LoadRegTypeLi
SysAllocString
SysStringLen
LoadTypeLi

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1BinaryVault

Password: S1BinaryVault

360c17d3bd154e5b158957596a13907c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

ole32

oleaut32

Sections

.text Size: 165KB - Virtual size: 164KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 9KB - Virtual size: 24KB

.rsrc Size: 10KB - Virtual size: 10KB

.reloc Size: 30KB - Virtual size: 29KB

.text
Size: 165KB - Virtual size: 164KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 10KB - Virtual size: 10KB

.reloc
Size: 30KB - Virtual size: 29KB