18067366440[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

18067366440.zip
Size

120KB
MD5

e80fafffa6d75f27aff79a8b7a1a3266
SHA1

51c5641f9d47aeaf1f0d316b0ba560f5b48e53e2
SHA256

34424cb3bed6a7a721d2636972da2ee2d48f86ed20ef831d7e96cfe968695105
SHA512

851af71f118aba383f190e50667600e015ad3cc095dea1b729d7cd83652a5e895e7dbe6f68bffc6f9e1760f3af2fbcb1164c54103f3479409d2161e9c9ecd7ae
SSDEEP

3072:hhcShWrYkjOatOXIoE6r88/8wps+GUds8wxMm:hhcShWhOat0sli8wpTs8gMm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8ee5bd6fea98577bd29c15055e96ec17c62ca415f4a5d26065b25a922b19d3b1

Files

18067366440.zip
.zip

Password: infected
8ee5bd6fea98577bd29c15055e96ec17c62ca415f4a5d26065b25a922b19d3b1
.dll regsvr32 windows:6 windows x64 arch:x64

be0c4f7e38089fe7168ec2ccb03364a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\GitLab-Runner\builds\qr55KSHn\1\endpoint\windows\WindowsSecurity\Allegro\Binary\Release\9.0.35\17\x64\wrusr.pdb

Imports

psapi

GetModuleFileNameExW

shlwapi

ord388

msimg32

TransparentBlt
AlphaBlend

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
GetCurrentProcessId
VirtualFree
GetCommandLineW
WaitForSingleObject
GetExitCodeThread
CloseHandle
CreateThread
SetErrorMode
CallNamedPipeW
Sleep
WriteProcessMemory
GetModuleHandleA
OpenProcess
LoadLibraryW
GetProcAddress
VirtualAllocEx
ExitProcess
CreateRemoteThread
GetModuleFileNameW
FormatMessageW
LocalFree
CreateMutexA
GetLastError
SizeofResource
FindResourceA
LockResource
GetNativeSystemInfo
LoadResource
CreateProcessW
QueryPerformanceCounter
LoadLibraryExW
ProcessIdToSessionId
DisableThreadLibraryCalls
MultiByteToWideChar
SetUnhandledExceptionFilter
WideCharToMultiByte
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStringTypeW
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
InterlockedFlushSList
RaiseException
GetStartupInfoW
SetThreadContext
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetFilePointerEx
SetStdHandle
HeapSize
FlushInstructionCache
GetThreadContext
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetCurrentThread
ResumeThread
SuspendThread
GetCurrentProcess
GetTickCount
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetCurrentThreadId
VirtualProtect
CreateFileW
WriteConsoleW
LCMapStringW
GetVersionExA

user32

LoadImageW
InsertMenuW
GetAncestor
UpdateWindow
InvalidateRect
FillRect
IsWindow
SetTimer
GetClientRect
BeginPaint
EndPaint
EnableWindow
FindWindowW
RegisterWindowMessageA
DefWindowProcW
RegisterShellHookWindow
LoadCursorW
GetMessageW
GetWindow
DestroyWindow
SetWindowPos
SetWindowLongPtrW
GetSysColor
UnregisterClassW
GetWindowLongPtrW
GetWindowPlacement
ShowWindow
DispatchMessageW
GetWindowInfo
RegisterClassW
SetLayeredWindowAttributes
TranslateMessage
GetWindowRect
IsWindowVisible
GetClassNameA
LoadStringW
WindowFromDC
GetClipboardData
SetClipboardData
GetWindowLongW
GetWindowThreadProcessId
PostMessageW
EnumChildWindows
SendMessageW
WaitForInputIdle
EnumWindows
GetClassNameW
GetWindowTextW
MessageBoxW
MessageBoxA
CreateWindowExW
InsertMenuItemW
PostQuitMessage

gdi32

GetStockObject
StretchBlt
PlgBlt
CreateDCW
MaskBlt
CreateDCA
CreateBitmap
SetBkColor
GetObjectW
BitBlt
DeleteDC
CreateCompatibleDC
SelectObject
SetTextColor

advapi32

RegCloseKey
IsValidSid
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
RegQueryValueExW
RegOpenKeyExW

shell32

DragQueryFileW
SHGetFolderPathW

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
SynExp
SynProc
SynProc2

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

be0c4f7e38089fe7168ec2ccb03364a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

shlwapi

msimg32

kernel32

user32

gdi32

advapi32

shell32

ntdll

Exports

Exports

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 12KB - Virtual size: 55KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 12KB - Virtual size: 55KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 2KB