240714-tqez9ap993_pw_infected[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

240714-tqez9ap993_pw_infected.zip
Size

415KB
MD5

00960db22478f4cc64d5c701404b3792
SHA1

a064125f7bb926eec57125da084f8bd0547d0903
SHA256

dd723345cb7200a7e70046d2cc4e440c7986ce96997fdb1d49026f29cad8733f
SHA512

a94abefcce12ee3b59316bfec28c4cfd730f86283c6194f5f14381ea9b4a54d73a4d3ab6ce9546429cf2de3c2e9a05fb63a3a1a7ecce5721a3eb5abdb990e98b
SSDEEP

6144:ScDCIwqcQ/LIpC0cCYhmAub0Vn3n1tmbzGZbVvat9GpAeZwSeXTxt6Uv7EAI:SxqcQY5Nb0VnX10biMr8ZbeX9tng

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c40577e0b5784fb65bcb285d578bd2c8b5dd5ed654edb4c3bee5d8f86e86a50e

Files

240714-tqez9ap993_pw_infected.zip
.zip

Password: infected
c40577e0b5784fb65bcb285d578bd2c8b5dd5ed654edb4c3bee5d8f86e86a50e
.exe windows:6 windows x64 arch:x64

ec7e50ee0ec0b16b9bd28cc5198e04e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom

advapi32

AllocateAndInitializeSid
CloseServiceHandle
ControlService
EnumDependentServicesW
EnumServicesStatusW
FreeSid
ImpersonateLoggedOnUser
LogonUserW
OpenSCManagerW
OpenServiceW
SetEntriesInAclW
SetNamedSecurityInfoW
SystemFunction036

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CloseHandle
CompareStringW
CreateConsoleScreenBuffer
CreateFileW
CreateMutexA
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
ExitProcess
ExitThread
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileExA
FindFirstFileW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LocalFree
MoveFileExW
MultiByteToWideChar
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetConsoleActiveScreenBuffer
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetEnvironmentVariableA
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

netapi32

NetApiBufferFree
NetServerEnum
NetShareEnum

rstrtmgr

RmEndSession
RmGetList
RmRegisterResources
RmShutdown
RmStartSession

shell32

ShellExecuteA

ntdll

NtReadFile
NtWriteFile
RtlNtStatusToDosError

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 361B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ec7e50ee0ec0b16b9bd28cc5198e04e3

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

advapi32

kernel32

netapi32

rstrtmgr

shell32

ntdll

Sections

.text Size: 612KB - Virtual size: 612KB

.rdata Size: 176KB - Virtual size: 176KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 20KB - Virtual size: 19KB

.00cfg Size: 512B - Virtual size: 56B

.gfids Size: 512B - Virtual size: 128B

.tls Size: 512B - Virtual size: 361B

_RDATA Size: 512B - Virtual size: 500B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 612KB - Virtual size: 612KB

.rdata
Size: 176KB - Virtual size: 176KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 20KB - Virtual size: 19KB

.00cfg
Size: 512B - Virtual size: 56B

.gfids
Size: 512B - Virtual size: 128B

.tls
Size: 512B - Virtual size: 361B

_RDATA
Size: 512B - Virtual size: 500B

.reloc
Size: 5KB - Virtual size: 5KB