a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e[.]zip

General

Target

a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.zip
Size

191KB
MD5

6e412177873e0bcfb1a436d7848153da
SHA1

143024db896bc560da213e36c2263293ce8adaa8
SHA256

0923b78ac186b8160a285213a0aa3452254bb0bddccf2797062a0533c825c8f8
SHA512

53a44d4ce1022dc8b5c12f091ca1f304d4189dd8b5c7bdf04bf740cd1431865f78abfefc7253f4dee12589bbabea8fb2589d28102a6a48badcdf04b9db9bd00c
SSDEEP

3072:AbNZz+liGlmNszPDtP3F8ZYKoRX/43UzbHcPaVGjdb9wxHHHu+FeHEnwbMa1W5mZ:AbNtoHl/PN32YHQkzb8Phx9wVnJcRwAZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.exe

Files

a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.zip
.zip

Password: infected
a6ca9783cd3726753c9b69a4ebc0cc0a5d603920efd6de723209e6aacbff064e.exe
.exe windows:5 windows x86 arch:x86

Password: infected

f3ca748f76db44ff1430515217457e6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\as34eQSDCrte\uyrtdstrtst\Release\uyrtdstrtst.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr90

__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
printf
?terminate@@YAXXZ
_access

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f3ca748f76db44ff1430515217457e6d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 160KB - Virtual size: 160KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 160KB - Virtual size: 160KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 12KB - Virtual size: 12KB