18232946150[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

18232946150.zip
Size

340KB
MD5

f994be0eb708f230f69156595f2b3206
SHA1

a50bd8c0e32aeb9384ab8b6e85f6f14e30393413
SHA256

5e98236eccd7ba3a5a4ebcad7bea83b561f89713d511e2b518e09d64bf35707e
SHA512

970b2ccd45df69e5c90c8863b9a66b7454f8e36ce0c673a77e13a267094b8c3bd16d77eb1e22e9ccff95479e1cee84f4c566450608c35dce734be2de170cc8c9
SSDEEP

6144:cUJSQWXO5fUzuxrJ2J+zgsTnKyxjV38xGg0mfpupQeu7QKhONNUD31:UOqub2J63+yR806cQdEKhOo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2497b3923df697c659b1334481930b860ebda4159f75fe8081f9cb40a3b642f5

Files

18232946150.zip
.zip

Password: infected
2497b3923df697c659b1334481930b860ebda4159f75fe8081f9cb40a3b642f5
.exe windows:10 windows x64 arch:x64

Password: infected

15c31f2e69f07e4a1476ab4ed70d94ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

PhotoScreensaver.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumValueW
RegQueryValueExW

kernel32

lstrcmpiW
MultiByteToWideChar
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
SetDllDirectoryW
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LoadResource
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetExitCodeThread
CompareStringOrdinal
FindResourceW
CreateFileMappingW
IsProcessorFeaturePresent
lstrlenW
CompareStringW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
LockResource
GetStartupInfoW
GetCommandLineW
GetSystemPowerStatus
GetVersionExW
ExitProcess
VirtualProtect
HeapFree
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
HeapAlloc
GetProcessHeap
VirtualQuery
CreateThread
WaitForSingleObject
GetUserDefaultUILanguage
EnumUILanguagesW
GetLocaleInfoW
LocalFree
CloseHandle
LocalAlloc
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
DecodePointer
EncodePointer
VirtualAlloc
VirtualFree
RaiseException

user32

GetForegroundWindow
TranslateMessage
LoadIconW
FindWindowW
SetCursor
PostQuitMessage
DialogBoxParamW
GetCursorPos
RegisterClassW
PeekMessageW
DispatchMessageW
GetSystemMetrics
GetMessageW
DestroyWindow
KillTimer
SetTimer
PostMessageW
DefWindowProcW
CreateDialogParamW
GetWindowLongW
AdjustWindowRectEx
GetClientRect
GetWindowRect
SendMessageW
IsWindow
EndDialog
SetWindowPos
UnregisterClassA
SetForegroundWindow
CreateWindowExW
SystemParametersInfoW
GetClassInfoExW
RegisterClassExW
ReleaseDC
GetSysColorBrush
FillRect
DrawTextW
GetDC
GetSysColor
EndPaint
BeginPaint
EnableWindow
SetFocus
CheckDlgButton
IsDlgButtonChecked
MessageBoxW
GetParent
GetDlgItem
SetWindowTextW
CallWindowProcW
InvalidateRect
GetWindowLongPtrW
SetWindowLongPtrW
CharNextW
TrackMouseEvent
GetClassLongPtrW
WindowFromDC
LoadCursorW
GetProcessDefaultLayout
GetActiveWindow
ShowWindow
GetFocus
IsWindowEnabled
IsWindowVisible
GetKeyState
EnumDisplayDevicesW
EnumDisplaySettingsW
MapWindowPoints
SetWindowLongW
GetAncestor
PtInRect
RegisterClipboardFormatW
UpdateWindow
NotifyWinEvent
GetWindowTextW
GetWindowTextLengthW
SetCapture
GetCapture
GetNextDlgTabItem
SetRect
ReleaseCapture
GetWindow

msvcrt

calloc
memmove_s
memset
_purecall
memmove
free
vswprintf_s
_vscwprintf
swprintf_s
malloc
wcsncpy_s
memcpy_s
wcstok
_CxxThrowException
__CxxFrameHandler3
ceilf
memcmp
memcpy
_onexit
__dllonexit
_unlock
_lock
realloc
_errno
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
towlower
wcschr
_vsnwprintf
rand
time
srand
wcspbrk
wcstol
strchr
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtSetInformationProcess

shell32

SHBrowseForFolderW
SHGetIDListFromObject
ord152
SHGetKnownFolderIDList
ord2
ord645
ord644
ord4
SHCreateItemFromIDList
SHAddToRecentDocs
ord102
SHCreateItemWithParent
SHGetFolderPathW

oleaut32

VariantInit
VariantClear
VarUI4FromStr
SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
VariantCopy
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
SysAllocStringLen

ole32

CreateBindCtx
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
PropVariantClear
CLSIDFromString

gdi32

SetDIBitsToDevice
CreateCompatibleDC
CreateDIBSection
GetObjectA
OffsetRgn
GetObjectW
GetDeviceCaps
DeleteObject
SetLayout
GetLayout
CreateRectRgn
CreateRectRgnIndirect
GetRegionData
ExtCreateRegion
BitBlt
RealizePalette
SelectPalette
GetClipRgn
GetStockObject
GetClipBox
SetTextColor
SetBkColor
SelectObject
CreateFontIndirectW
DeleteDC

gdiplus

GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetClipHrgn
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipCreateFont
GdipCreateFontFamilyFromName
GdipSetRenderingOrigin
GdipGetStringFormatFlags
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatDigitSubstitution
GdipDrawString
GdipMultiplyWorldTransform
GdipCreateMatrix2
GdipSetWorldTransform
GdipGetWorldTransform
GdipDeleteMatrix
GdipCreateMatrix
GdipSetTextRenderingHint
GdipGetTextRenderingHint
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdiplusShutdown
GdiplusStartup
GdipCreateHalftonePalette
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipDeletePath
GdipCreateFromHDC
GdipDeleteGraphics
GdipTranslateWorldTransform
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipAlloc
GdipCloneBrush
GdipFillRectangleI
GdipGetDC
GdipReleaseDC
GdipGetImageWidth
GdipGetImageHeight
GdipGetPageUnit
GdipSetPageUnit
GdipDrawImageRectRectI
GdipFillRectangle
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawImagePointsRectI
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateLineBrush
GdipSetLineSigmaBlend
GdipFillPath
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipDrawPath
GdipMeasureString
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipGetImageGraphicsContext
GdipDeleteFont
GdipCreatePath
GdipCreateHatchBrush
GdipCreatePen2
GdipDrawRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure

comctl32

InitCommonControlsEx

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

shlwapi

PathFindExtensionW

windowscodecs

WICConvertBitmapSource

oleacc

CreateStdAccessibleProxyW
AccessibleObjectFromWindow
LresultFromObject

dwmapi

DwmIsCompositionEnabled

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

15c31f2e69f07e4a1476ab4ed70d94ed

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shell32

oleaut32

ole32

gdi32

gdiplus

comctl32

crypt32

shlwapi

windowscodecs

oleacc

dwmapi

Sections

.text Size: 265KB - Virtual size: 264KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 112B

.rsrc Size: 213KB - Virtual size: 212KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 265KB - Virtual size: 264KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 112B

.rsrc
Size: 213KB - Virtual size: 212KB

.reloc
Size: 1KB - Virtual size: 1KB