f4ec2dba070a9ecd1dee342329b0cd7caa406cd4995c41b9aab9aea9b73cd06d[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f4ec2dba070a9ecd1dee342329b0cd7caa406cd4995c41b9aab9aea9b73cd06d.zip
Size

239KB
MD5

55149458d864248185ea0d7c4584b4b8
SHA1

e4110632899c7ced6ba64da42f499afabe82a9fd
SHA256

9d931b90a9a51cb19194d616e3b482eb1d4965760256db3564856b4ac799aaa2
SHA512

65e652d3d837b25c63ffe6fae11f04850187eac1d5eb2812e943895ca043ee9069291b9da836ca13f3d9c53875a01d91c34f7c19172222c81969820c13bff344
SSDEEP

6144:Eow2Fhg5MKFnKn2Felkj9ZLJ9lRPmhax8ZcNXUps6:EsFhg5VnKjypn9lReh/wF6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f4ec2dba070a9ecd1dee342329b0cd7caa406cd4995c41b9aab9aea9b73cd06d

Files

f4ec2dba070a9ecd1dee342329b0cd7caa406cd4995c41b9aab9aea9b73cd06d.zip
.zip

Password: infected
f4ec2dba070a9ecd1dee342329b0cd7caa406cd4995c41b9aab9aea9b73cd06d
.exe windows:6 windows x64 arch:x64

7ade23cf90b842d6a9620c740656bcfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
NtQuerySystemInformation
RtlGetVersion
NtQueryInformationProcess
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlNtStatusToDosError
NtWriteFile
RtlPcToFileHeader

advapi32

OpenSCManagerW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
SystemFunction036
CloseServiceHandle
RegSetValueExW
RegCreateKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateServiceW
OpenServiceW
RegOpenKeyW

kernel32

GetCPInfo
WideCharToMultiByte
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
OpenProcess
HeapFree
CloseHandle
GetLastError
HeapReAlloc
GetCurrentProcessId
GetProcessHeap
GetCommandLineW
GetCurrentProcess
GlobalMemoryStatusEx
K32GetPerformanceInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
Sleep
WaitForSingleObject
GetExitCodeProcess
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetCurrentThread
TryAcquireSRWLockExclusive
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
SetLastError
GetModuleHandleW
FormatMessageW
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
ExitProcess
GetSystemTimeAsFileTime
HeapAlloc
GetCurrentDirectoryW
CreateMutexA
WaitForSingleObjectEx
LoadLibraryA
ReleaseMutex
AcquireSRWLockShared
ReleaseSRWLockShared
GetProcessTimes
GetOEMCP
ReadProcessMemory
VirtualQueryEx
GetSystemTimes
GetProcessIoCounters
LocalFree
LoadLibraryExA
FreeLibrary
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
HeapSize
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
GetCommandLineA
FlsGetValue
GetModuleHandleExW
FlsAlloc
TerminateProcess
WriteFile
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW

fltlib

FilterLoad
FilterSendMessage
FilterConnectCommunicationPort

pdh

PdhCollectQueryData
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhOpenQueryA
PdhRemoveCounter
PdhCloseQuery

bcrypt

BCryptGenRandom

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

shell32

CommandLineToArgvW

powrprof

CallNtPowerInformation

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

7ade23cf90b842d6a9620c740656bcfa

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

kernel32

fltlib

pdh

bcrypt

psapi

shell32

powrprof

oleaut32

Sections

.text Size: 305KB - Virtual size: 305KB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 11KB - Virtual size: 11KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 305KB - Virtual size: 305KB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 11KB - Virtual size: 11KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 3KB - Virtual size: 2KB