98819bf6b69f9e68c05b981e5fd5c3d1a2b562c1c453a3859c3cbeaef9156fad[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

98819bf6b69f9e68c05b981e5fd5c3d1a2b562c1c453a3859c3cbeaef9156fad.zip
Size

313KB
MD5

19d847a953d4e0aaf2b44b565b5600fa
SHA1

6caf230d668b4788dae70d93b96c8e70fe229c99
SHA256

e8d52b71db75e8f73cba0a37d3a88224dccbc3dd2eadf9c4556506b5b6210073
SHA512

eb44abfc4f1fe07d1cdacd48d2c00db3044184daeca7c0a1c5ffbca9aaae0a2abfba71802b810013795a220d48cc08a4d5f952e3a1075125f7e68f27fb26d82e
SSDEEP

6144:4hdoI8PZQhkk1fTx/3irtdRmrA0K7d0FTq19vLUbVYMSKyI:4dwP2ek1fTx6rtn47md0liabu6yI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/98819bf6b69f9e68c05b981e5fd5c3d1a2b562c1c453a3859c3cbeaef9156fad

Files

98819bf6b69f9e68c05b981e5fd5c3d1a2b562c1c453a3859c3cbeaef9156fad.zip
.zip

Password: infected
98819bf6b69f9e68c05b981e5fd5c3d1a2b562c1c453a3859c3cbeaef9156fad
.zip

Password: infected
98819bf6b69f9e68c05b981e5fd5c3d1a2b562c1c453a3859c3cbeaef9156fad
.exe windows:4 windows x86 arch:x86

db14ef413f095e018ee474da328c22e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateSolidBrush
GetStockObject

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_findfirst
_fileno
_findnext
_fmode
_fstat64
_ftime
_fullpath
_initterm
_iob
_lock
_lseeki64
_onexit
_read
_setjmp3
_stat
_strnicmp
_unlock
_write
_write
abort
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
isspace
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
realloc
remove
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

shell32

SHGetFolderPathA

user32

CloseClipboard
CreateWindowExA
DefWindowProcA
DispatchMessageA
EmptyClipboard
GetMessageA
MessageBoxA
OpenClipboard
PostMessageA
PostQuitMessage
RegisterClassA
SendMessageA
SetClassLongA
SetClipboardData
ShowWindow
TranslateMessage
UpdateWindow

winhttp

WinHttpCloseHandle
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest

Sections

.text
Size: 529KB - Virtual size: 529KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

db14ef413f095e018ee474da328c22e7

Headers

File Characteristics

Imports

gdi32

kernel32

msvcrt

shell32

user32

winhttp

Sections

.text Size: 529KB - Virtual size: 529KB

.data Size: 25KB - Virtual size: 25KB

.rdata Size: 35KB - Virtual size: 35KB

.bss Size: - Virtual size: 3KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

/4 Size: 2KB - Virtual size: 1KB

/19 Size: 120KB - Virtual size: 119KB

/31 Size: 20KB - Virtual size: 20KB

/45 Size: 26KB - Virtual size: 25KB

/57 Size: 10KB - Virtual size: 9KB

/70 Size: 1KB - Virtual size: 1KB

/81 Size: 73KB - Virtual size: 72KB

/92 Size: 4KB - Virtual size: 3KB

.text
Size: 529KB - Virtual size: 529KB

.data
Size: 25KB - Virtual size: 25KB

.rdata
Size: 35KB - Virtual size: 35KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

/4
Size: 2KB - Virtual size: 1KB

/19
Size: 120KB - Virtual size: 119KB

/31
Size: 20KB - Virtual size: 20KB

/45
Size: 26KB - Virtual size: 25KB

/57
Size: 10KB - Virtual size: 9KB

/70
Size: 1KB - Virtual size: 1KB

/81
Size: 73KB - Virtual size: 72KB

/92
Size: 4KB - Virtual size: 3KB