18097779519[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

18097779519.zip
Size

50KB
MD5

bb80fc88f8d2965548513334560d4acc
SHA1

f0f8e3c3eeefa551ce4dfbae807d241d47d9e9c3
SHA256

d40dcb9f133cc427778b65628c38f1fd603876deec2d21dab8d346fc02049fc0
SHA512

a27dce1887145edf8fc127cdf4ce5a5d6622d113f88158b9b49280cdcc0834914c0c714d6d567b5aa46aa7429cbb1a5141ebaa539e0516907d69c2c277416a65
SSDEEP

768:oGKR4qtpn5xfx1BARrqGZdzLlClsagyPF+NOgPTGk+czN:ZiN7nfFARrqGHzLlyngygNOgPJTp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/723c74f4cfd89f4dfd6459d4e7e34bb6263c5c9fc624a9505d09b92b5d8bd06b

Files

18097779519.zip
.zip

Password: infected
723c74f4cfd89f4dfd6459d4e7e34bb6263c5c9fc624a9505d09b92b5d8bd06b
.exe windows:6 windows x64 arch:x64

Password: infected

87a7f46365727abfbe4181bb368edf98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Asr_Src\Asr\AllCommand\Commands\x64\Release\MoveFolder.pdb

Imports

mfc140u

ord11855
ord8926
ord8901
ord10704
ord14128
ord7235
ord3678
ord3586
ord3685
ord3598
ord1091
ord6250
ord6320
ord3756
ord1089
ord450
ord6850
ord9159
ord3713
ord7779
ord4721
ord7394
ord1058
ord8819
ord3059
ord4081
ord8439
ord2906
ord3746
ord3246
ord6822
ord5672
ord13864
ord5240
ord2212
ord14219
ord8471
ord14221
ord13761
ord13767
ord7551
ord2210
ord1668
ord1502
ord13307
ord7775
ord6724
ord4724
ord7249
ord3830
ord2477
ord1149
ord528
ord1158
ord990
ord8900
ord9946
ord7922
ord5227
ord7450
ord7461
ord7460
ord5062
ord5229
ord5083
ord5582
ord5339
ord9041
ord5552
ord5363
ord5080
ord11850
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord11406
ord6631
ord8830
ord7651
ord14211
ord2967
ord4352
ord9384
ord4360
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord4853
ord4794
ord3071
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1748
ord1722
ord1700
ord11940
ord11944
ord13513
ord3173
ord8947
ord10691
ord6729
ord11902
ord8656
ord14209
ord11625
ord3718
ord11771
ord8823
ord11415
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord2698
ord7913
ord3209
ord3212
ord13401
ord6002
ord4084
ord6906
ord8058
ord8451
ord14027
ord8409
ord4511
ord4510
ord12443
ord4913
ord1631
ord4726
ord296
ord2370
ord1489
ord3307
ord1503
ord265
ord2222
ord1667
ord12932
ord1670
ord13397
ord2697
ord14217
ord6000
ord13597
ord2270
ord2903
ord7893
ord810
ord285
ord5709
ord2921
ord4181
ord5674
ord1501
ord4656
ord3308
ord3951
ord10163
ord11085
ord8731
ord11813
ord10070
ord7393
ord983
ord1450
ord7716
ord940
ord6614
ord1033
ord6287
ord8507
ord2344
ord2149
ord4335
ord13199
ord3697
ord3579
ord3596
ord3599
ord13302
ord1671
ord12933
ord8167
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord1428
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord962
ord280
ord14290
ord6123
ord14289
ord6122
ord3731
ord5706
ord11921
ord11929
ord4445
ord7920
ord10124
ord11933
ord11901
ord12606
ord5555
ord286
ord4800
ord9941
ord266
ord1491

kernel32

LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
FindNextFileW
GetLongPathNameW
FindFirstFileW
FindFirstFileExW
FindClose
GetModuleHandleW
InitializeCriticalSectionEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
CreateMutexW
GetTickCount
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentProcessId
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentProcess
GetFileAttributesW
UnmapViewOfFile
MapViewOfFile
OutputDebugStringW
CreateFileMappingW
CloseHandle
OpenMutexW
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
Sleep

user32

GetClassNameW
GetDC
ReleaseDC
EnableWindow
KillTimer
SetTimer
SetForegroundWindow
GetMonitorInfoW
GetWindowRect
MonitorFromWindow
GetKeyState
GetForegroundWindow
AttachThreadInput
SystemParametersInfoW
GetClientRect
GetDlgCtrlID
FindWindowW
SendMessageW
PostMessageW
GetWindowThreadProcessId
SetWindowPos
FindWindowExW
GetWindowTextW
DrawTextW

gdi32

GetTextExtentPoint32W

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW

shell32

ord165
DragQueryFileW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListEx
SHGetFileInfoW
ord71
ord155
DragAcceptFiles

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsW
StrCmpW
StrStrIW
StrCpyW

ole32

CoUninitialize
CoInitialize

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception
memcpy
memmove
__std_terminate
__std_exception_copy
__std_exception_destroy
memset
__C_specific_handler
_CxxThrowException
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
fgetws
fclose
_close
_read
_wsopen_s
_filelength
_wfopen_s
fputws
_wfsopen

api-ms-win-crt-string-l1-1-0

isalpha
_wcsnicmp
wcscpy_s
_wcsicmp
isdigit

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-filesystem-l1-1-0

_wfullpath

api-ms-win-crt-locale-l1-1-0

_wsetlocale
_configthreadlocale

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

87a7f46365727abfbe4181bb368edf98

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

msvcp140

version

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB