qaUeLV5izv3cUOeQqFwrf0 (2)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

qaUeLV5izv3cUOeQqFwrf0 (2).zip
Size

135KB
MD5

53417b5e6775216e9c9fbba2da57fe1e
SHA1

3f232f8f4c873529b3baee3868e45b6d54b5fac0
SHA256

108174ddd4f4c960b0ab9d43b3dfa88bdbf92f9029dc6fbd42e1666e81a54197
SHA512

6a461660cd7dc8570b6a0c7a8915db956294ca5a0df93fa073e42701b3ce8f01bba581715338b83198ff41a310b2b705359b379598bd34690cf142e1fa282ab3
SSDEEP

3072:1SZ/Nmc1Vu5qSgOpITbiNjhy4SPAoReIdf9No3rnwO/XEVzyOMYVfd:YZDgYS9pIfiLSPAoH590bwiXrlYVfd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/setup-x64.exe_

Files

qaUeLV5izv3cUOeQqFwrf0 (2).zip
.zip

Password: unzip-me
file-acquisition-raw-issues.daXbZ37mbr2hmZASZMZryR.xml
.xml
files-raw.Yv8BWTPbDe7g8rEghDhNa7.xml
.xml
manifest.json
metadata.json
script.xml
.xml
setup-x64.exe_
.exe windows:4 windows x64 arch:x64

Password: unzip-me

7182b1ea6f92adbf459a2c65d8d4dd9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
free
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc

kernel32

GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
Sleep
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject

shell32

ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW

winmm

timeBeginPeriod

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW

user32

CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos

gdi32

GetStockObject

comctl32

InitCommonControlsEx

Sections

.code
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sysinfo.xjACQDoCpff7KvaAGdN2Hq.xml
.xml

Sharing

General

Malware Config

Signatures

Files

Password: unzip-me

Password: unzip-me

7182b1ea6f92adbf459a2c65d8d4dd9e

Headers

File Characteristics

Imports

msvcrt

kernel32

shell32

winmm

ole32

shlwapi

user32

gdi32

comctl32

Sections

.code Size: 23KB - Virtual size: 22KB

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 19KB - Virtual size: 18KB

.pdata Size: 4KB - Virtual size: 4KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 363KB - Virtual size: 363KB

.code
Size: 23KB - Virtual size: 22KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 19KB - Virtual size: 18KB

.pdata
Size: 4KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 363KB - Virtual size: 363KB