633f45142718481dec8204ab38bb6048b6bbda55284c2e02718014ba6b7c2ab3[.]zip

General

Target

633f45142718481dec8204ab38bb6048b6bbda55284c2e02718014ba6b7c2ab3.zip
Size

2.4MB
MD5

1cb72b8b684116af591212b47a4fee81
SHA1

2b0f3382c5de25b7863a1af5ff6abec19f6d9fe5
SHA256

38d33eaf189149fadb698c6b05044fd46c9e8cdd1f21de8e7fa533f985c1260f
SHA512

4a56c0aa5b6ab2f3af1dda234689d701a992fad388909f7952f55e7bc97f2b704108eb9c96e3462c4d062fdbdda3a98f0bb34196e940dcb4c8a59899f06d1477
SSDEEP

49152:O7idO/yv+MwwSkxooK+NB4rr+cMWMxW3Usrz7NFkJYuSpprRFSCgIvWis:syv+oxoG4X+cMWYazpFkJVMprD1vvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/633f45142718481dec8204ab38bb6048b6bbda55284c2e02718014ba6b7c2ab3.dll

Files

633f45142718481dec8204ab38bb6048b6bbda55284c2e02718014ba6b7c2ab3.zip
.zip

Password: infected
633f45142718481dec8204ab38bb6048b6bbda55284c2e02718014ba6b7c2ab3.dll
.dll windows:5 windows x86 arch:x86

Password: infected

37e89b00b9e59d50b8d5a6dfe0d27623

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
SetPriorityClass
GetModuleHandleW
AreFileApisANSI
GetStringTypeA
OutputDebugStringA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetProcAddress
TlsGetValue
TlsSetValue
SetLastError
GetCurrentThreadId
GetLastError
CompareStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
HeapFree
Sleep
ExitProcess
GetLocaleInfoA
HeapAlloc
InitializeCriticalSectionAndSpinCount
WriteFile
GetStdHandle
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
LoadLibraryA
RtlUnwind

mprapi

MprAdminMIBEntrySet

gdi32

SetDCPenColor

oleaut32

GetRecordInfoFromGuids

user32

GetActiveWindow
SetForegroundWindow

Exports

Exports

AwcdthodsHlu

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

37e89b00b9e59d50b8d5a6dfe0d27623

Headers

File Characteristics

Imports

kernel32

mprapi

gdi32

oleaut32

user32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 336KB - Virtual size: 336KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 172KB - Virtual size: 168KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 336KB - Virtual size: 336KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 172KB - Virtual size: 168KB