pwdcrack[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

pwdcrack.zip
Size

161KB
MD5

ab800016e9619f8f8a19a4fc87f2b806
SHA1

e9191acb24d64bbbd5cb7d3ec842fb648ca9bd7e
SHA256

ca4fb9a9a5ee9f30a6ebe8db1543d118cf1c90c963a3875150c572027380770b
SHA512

8cb87d4b79742f13d22feb637de88815bf673ad4aae215132681ae9fe67fda6590419b00baace65d01ab791f238d2050f9df06fd208b41ec42ea53bdfec0075f
SSDEEP

3072:vNV6zkfJkTuIARLKlVtxvThexfN0HeMeC5+i2WRRvizs/ydFO:1MIfJkTuH0vThQO13fRviz9dU

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pchookU.dll
unpack001/pwdcrackU.exe

Files

pwdcrack.zip
.zip
Cesky.lng
Chinese[RPC].lng
Danish.lng
Espaniol.lng
Filipino.lng
French.lng
German.lng
Greek.lng
Hindi.lng
Italiano.lng
Nederlands.lng
Polish.lng
Portugues [BR].lng
ReadMe_En.htm
ReadMe_Ru.htm
Rename_To_Language_Name_In_English.lng
Russian_U.lng
Sinhala.lng
Ukrainian.lng
Zhope.lng
history.txt
pchookU.dll
.dll windows:4 windows x86 arch:x86

615922d4dc11cf6467b482faf8c3806d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingW
SetLastError
FormatMessageW
IsBadCodePtr
IsBadReadPtr
GetCurrentProcessId
GetModuleFileNameW
GetLastError
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
OpenEventW
SetEvent
ResetEvent
CloseHandle
LoadLibraryW
FreeLibrary
GetProcAddress
IsBadWritePtr
IsBadStringPtrW

user32

UnhookWindowsHookEx
GetWindowThreadProcessId
SetWindowsHookExW
SendMessageTimeoutW
CallNextHookEx
GetClientRect
SendMessageW
GetWindowLongW
SetWindowLongW
IsWindow
IsWindowUnicode
GetClassNameW
GetWindowTextW
GetParent
RedrawWindow

msvcrt

memset
wcsncat
wcslen
swprintf
wcsncpy
wcscat
memcpy
__CxxFrameHandler

Exports

Exports

_DllMain@12
_Get_PCHookDLLInfo
_Install
_Install2
_UnInstall

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 598B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pwdcrackU.exe
.exe windows:4 windows x86 arch:x86

d54cd8532c9e2c8a234e370bd5a4e228

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadCodePtr
CreateFileMappingW
SetLastError
OpenFileMappingW
FormatMessageW
OpenEventW
GetCurrentProcessId
FindNextFileW
GlobalDeleteAtom
GlobalAddAtomW
VirtualFree
VirtualAlloc
ResetEvent
WriteFile
CreateFileW
SetFilePointer
GetLocalTime
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetUserDefaultLCID
WaitForMultipleObjects
InterlockedExchange
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
GetLocaleInfoW
EnumResourceNamesW
EnumResourceLanguagesW
PulseEvent
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
OpenProcess
LocalFree
LocalAlloc
InterlockedCompareExchange
WideCharToMultiByte
LCMapStringW
GlobalUnlock
GetOEMCP
GetACP
ReadFile
FlushFileBuffers
SetStdHandle
GetCPInfo
LCMapStringA
GetStringTypeW
GetStringTypeA
LoadLibraryA
SetUnhandledExceptionFilter
HeapSize
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
RaiseException
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
IsBadReadPtr
GlobalAlloc
Sleep
CreateEventW
CreateThread
ResumeThread
SetEvent
GetDateFormatW
GetTimeFormatW
SetErrorMode
GetFileAttributesW
GetLastError
IsBadWritePtr
IsBadStringPtrW
WaitForSingleObject
CloseHandle
FindFirstFileW
FindClose
GetCurrentProcess
FlushInstructionCache
OutputDebugStringW
DebugBreak
CompareStringW
MultiByteToWideChar
lstrlenA
InterlockedDecrement
lstrcmpiW
lstrcpyW
InterlockedIncrement
GetModuleHandleW
lstrlenW
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalLock
GetModuleFileNameW

user32

WindowFromPoint
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetMenuItemInfoW
EnableMenuItem
GetMenuItemID
GetDesktopWindow
PostMessageW
IsIconic
SetActiveWindow
ShowWindow
PostQuitMessage
CreateAcceleratorTableW
TranslateAcceleratorW
DrawFrameControl
InflateRect
SystemParametersInfoW
SetWindowPos
GetSubMenu
CheckMenuItem
SetForegroundWindow
DestroyMenu
TrackPopupMenuEx
IsWindowVisible
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyboardLayoutList
GetKeyboardLayout
SendMessageW
SetWindowTextW
GetDlgItem
IsDialogMessageW
LoadBitmapW
LoadMenuW
GetMenuStringW
GetActiveWindow
DialogBoxParamW
GetSystemMenu
DeleteMenu
SetCursorPos
GetMenuItemCount
GetKeyState
FlashWindow
CreatePopupMenu
AppendMenuW
InsertMenuW
SetMenuDefaultItem
CheckMenuRadioItem
CreateDialogParamW
GetWindow
DestroyWindow
GetWindowThreadProcessId
IsMenu
EndDialog
GetWindowTextW
SetRectEmpty
DefWindowProcW
IsWindow
UpdateWindow
ReleaseCapture
GetCapture
MessageBeep
TrackPopupMenu
LoadIconW
GetMenuState
GetSysColorBrush
GetIconInfo
LoadImageW
DrawIconEx
CopyRect
ClientToScreen
GetWindowRect
MapWindowPoints
KillTimer
SetTimer
DestroyIcon
RedrawWindow
CallWindowProcW
LoadStringW
wvsprintfW
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
FillRect
CharNextW
GetDlgCtrlID
CreateWindowExW
ReleaseDC
GetDC
GetClientRect
DrawTextW
OffsetRect
GetClassNameW
GetWindowLongW
SetWindowLongW
LoadCursorW
GetWindowTextLengthW
GetCursorPos
ScreenToClient
SetCursor
EndPaint
BeginPaint
GetParent
MessageBoxW
InvalidateRect
PtInRect
SetFocus
SetCapture
GetSystemMetrics

advapi32

RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
OpenProcessToken
CheckTokenMembership
RegQueryValueExW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

gdi32

GetObjectType
SelectClipRgn
CreateRoundRectRgn
SetBkColor
ExtTextOutW
SetBkMode
SetTextColor
DeleteDC
SelectObject
GetStockObject
GetObjectW
DeleteObject
CreateFontIndirectW

rpcrt4

UuidFromStringA

winmm

PlaySoundW

pchooku

_Install
_UnInstall

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

615922d4dc11cf6467b482faf8c3806d

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 724B

Shared Size: 512B - Virtual size: 12B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 598B

d54cd8532c9e2c8a234e370bd5a4e228

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

version

gdi32

rpcrt4

winmm

pchooku

ole32

oleaut32

comctl32

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 25KB - Virtual size: 33KB

.rsrc Size: 34KB - Virtual size: 33KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 724B

Shared
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 598B

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 25KB - Virtual size: 33KB

.rsrc
Size: 34KB - Virtual size: 33KB