MDE_File_Sample_9505bf2fda5227b9f2b779c889832596238bd9bb[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_9505bf2fda5227b9f2b779c889832596238bd9bb.zip
Size

34KB
MD5

763174f7c85a73951418656ab249449e
SHA1

343714ab0f61b28275df391e563c6cd3890b1567
SHA256

516c9f91f84a9b40151fbb5674974c7f914f5e90c9b8d77ab097c5cf25325d08
SHA512

d2861dc9cc98485cabd07eb9bbdf8e32c5faa9d3a10c56e72313b253cc69014c2e88d0a50442346c43c46f543e0792d13b0c0d32306604d20b5d62db6fe382d0
SSDEEP

768:AOs7viH/H+oc0wGvpiJZHXMzuT5yD/gp4l3UaY:AOs7G+olvkJJMGI/gp6kaY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9505bf2fda5227b9f2b779c889832596238bd9bb

Files

MDE_File_Sample_9505bf2fda5227b9f2b779c889832596238bd9bb.zip
.zip

Password: malware
9505bf2fda5227b9f2b779c889832596238bd9bb
.exe windows:4 windows x86 arch:x86

Password: malware

489174d9d231ccea99684d62d912b0b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
GetModuleFileNameA
DeleteCriticalSection
GetExitCodeProcess
TerminateProcess
CloseHandle
GetPrivateProfileStringA
CreateProcessA
Sleep
GetCurrentThreadId
GetLastError
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
ExitThread
ResumeThread
CreateThread
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
SetFilePointer
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadFile
HeapSize

user32

GetThreadDesktop
GetUserObjectInformationA
PostThreadMessageA

advapi32

StartServiceCtrlDispatcherA
CreateServiceA
DeleteService
SetServiceStatus
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
LogonUserA
CreateProcessAsUserA
RegisterServiceCtrlHandlerA

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: malware

Password: malware

489174d9d231ccea99684d62d912b0b9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 636B

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 636B