9ec39d5966cb1b87cbefe2062da1918528d644167b57ba13f50ae2cff63a5eb1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9ec39d5966cb1b87cbefe2062da1918528d644167b57ba13f50ae2cff63a5eb1.zip
Size

581KB
MD5

cd0f5a84542bf3cd6054700b5d5459b6
SHA1

3608eda01cd0cde229d2cbb907d86521b2d89d50
SHA256

dfb66958e3c43f6c7e456c54fb57a56410664ec29f7ff651007e28d7e673b516
SHA512

6f9bcc756253380e779933caeb77807d8b63d0e8557acfe61f63a505fa4ad09aea1bf523bffd7c4b69171984d21259c04abbd4af144fa318b6f6d2ac332db38b
SSDEEP

12288:q4ZTr9RuQjjO07L5fmtgMREP2fTLLLNpkzeQ1iuVm1t+6l8uvOBd2:XZnTuwjr7LFmPEP2DAz51dVVDFBQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Dither.dll

Files

9ec39d5966cb1b87cbefe2062da1918528d644167b57ba13f50ae2cff63a5eb1.zip
.zip

Password: infected
Dither.dll
.dll windows:4 windows x86 arch:x86

62b827c58b869b90566ce1c6226d9092

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileType
FindResourceA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
GetProcAddress
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
LoadResource
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

??0AngledScreen@@QAE@ABV0@@Z
??0AngledScreen@@QAE@KKK_N@Z
??0Dithering@@QAE@ABV0@@Z
??0Dithering@@QAE@KKK@Z
??0Dithering@@QAE@XZ
??0ErrorDiffusion@@QAE@ABV0@@Z
??0ErrorDiffusion@@QAE@KKK@Z
??0FMXDiffusion@@QAE@ABV0@@Z
??0FMXDiffusion@@QAE@KKK@Z
??0KFDiffusion@@QAE@ABV0@@Z
??0KFDiffusion@@QAE@KKK@Z
??0LPDithering@@QAE@XZ
??0LXDiffusion@@QAE@ABV0@@Z
??0LXDiffusion@@QAE@KKK@Z
??0LXDiffusion@@QAE@KKK_N@Z
??0LXDiffusion@@QAE@XZ
??0RandomDiffusion@@QAE@ABV0@@Z
??0RandomDiffusion@@QAE@KKK@Z
??1AngledScreen@@UAE@XZ
??1Dithering@@UAE@XZ
??1ErrorDiffusion@@UAE@XZ
??1FMXDiffusion@@UAE@XZ
??1KFDiffusion@@UAE@XZ
??1LPDithering@@QAE@XZ
??1LXDiffusion@@UAE@XZ
??1RandomDiffusion@@UAE@XZ
??4AngledScreen@@QAEAAV0@ABV0@@Z
??4Dithering@@QAEAAV0@ABV0@@Z
??4ErrorDiffusion@@QAEAAV0@ABV0@@Z
??4FMXDiffusion@@QAEAAV0@ABV0@@Z
??4KFDiffusion@@QAEAAV0@ABV0@@Z
??4LPDithering@@QAEAAV0@ABV0@@Z
??4LXDiffusion@@QAEAAV0@ABV0@@Z
??4RandomDiffusion@@QAEAAV0@ABV0@@Z
??_7AngledScreen@@6B@
??_7Dithering@@6B@
??_7ErrorDiffusion@@6B@
??_7FMXDiffusion@@6B@
??_7KFDiffusion@@6B@
??_7LXDiffusion@@6B@
??_7RandomDiffusion@@6B@
?Action@ErrorDiffusion@@UAEXKQBQBEQAPAE@Z
?Action@KFDiffusion@@UAEXKQBQBEQAPAE@Z
?Action@LXDiffusion@@UAEXKQBQBEQAPAE@Z
?Action@RandomDiffusion@@UAEXKQBQBEQAPAE@Z
?Diffuse1Row@KFDiffusion@@IAEXPAPAF00PAPAE11PAFPAE3@Z
?IsInterLeavedInput@Dithering@@UAE_NXZ
?SetAllBufBitTo1@Dithering@@IAEXPAEK@Z
?SetInterLeavedInput@Dithering@@UAE_NXZ
?SetInterLeavedInput@LXDiffusion@@UAE_NXZ
?SetOutputValue@Dithering@@QAEXAAJPAEKJ@Z

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

62b827c58b869b90566ce1c6226d9092

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 76KB - Virtual size: 78KB

.rsrc Size: 516KB - Virtual size: 512KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 76KB - Virtual size: 78KB

.rsrc
Size: 516KB - Virtual size: 512KB

.reloc
Size: 8KB - Virtual size: 5KB