fe7ab78e2f6dc10b758707a7ba41a0aabe989eb00746ba0696861d373c64e499 (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

fe7ab78e2f6dc10b758707a7ba41a0aabe989eb00746ba0696861d373c64e499 (1).zip
Size

121KB
MD5

57d02d40c7be9352b318a0f1fc5e324d
SHA1

a4664abbc01f33bcf4ce417d4a230157a2fdd6f1
SHA256

19e4f8ff03a43deed7c4145070f4161db1b8dcf7de7b6169db501ce13cb6d669
SHA512

3573cbbf2abc657970e2d486f39c223b9873f29ce031197ce35ce984cf9b93d6cd09f38a9b3f5bc1ca3a72d222c9814a3bae44293fe201f73f627054a716e1be
SSDEEP

3072:bYSwp1o9tZtdcaRNvT+14nRm4C3TQoicT6uUw0:btvLZt33Tg4A4CDQoicmR5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fe7ab78e2f6dc10b758707a7ba41a0aabe989eb00746ba0696861d373c64e499.exe

Files

fe7ab78e2f6dc10b758707a7ba41a0aabe989eb00746ba0696861d373c64e499 (1).zip
.zip

Password: infected
fe7ab78e2f6dc10b758707a7ba41a0aabe989eb00746ba0696861d373c64e499.exe
.exe windows:5 windows x86 arch:x86

Password: infected

4d3edea12b0f02b502231d48e469cf3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GetCurrentProcess
CreateJobObjectW
HeapFree
GetEnvironmentStringsW
SetHandleInformation
GetUserDefaultLCID
GetModuleHandleW
EnumCalendarInfoExW
GenerateConsoleCtrlEvent
GetConsoleAliasExesW
EnumTimeFormatsA
EnumTimeFormatsW
GetDriveTypeA
GetEnvironmentStrings
GlobalAlloc
LoadLibraryW
IsValidLocale
GetCalendarInfoW
SetVolumeMountPointA
GetExitCodeProcess
GetConsoleAliasW
GetStartupInfoW
GetPrivateProfileIntW
InterlockedExchange
OpenMutexW
SetLastError
EnumDateFormatsExA
MoveFileExW
EnumSystemCodePagesW
GetNumaHighestNodeNumber
LoadLibraryA
UnhandledExceptionFilter
MoveFileA
AddVectoredExceptionHandler
GlobalGetAtomNameW
FindNextChangeNotification
AddAtomA
GetPrivateProfileSectionNamesA
FindNextFileA
EnumDateFormatsA
GlobalUnWire
SetLocaleInfoW
EnumResourceNamesA
FindNextFileW
CreateMailslotA
VirtualProtect
GetCurrentDirectoryA
FatalAppExitA
PeekConsoleInputA
GetShortPathNameW
OpenSemaphoreW
FindFirstVolumeA
ReadConsoleOutputCharacterW
CloseHandle
CommConfigDialogA
FindFirstFileW
GetCommandLineW
GetFileSize
GetVolumeNameForVolumeMountPointA
RemoveDirectoryA
CreateFileW
ReadFile
FlushFileBuffers
HeapSize
GetLastError
HeapAlloc
DeleteFileA
HeapSetInformation
DecodePointer
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
IsProcessorFeaturePresent
HeapCreate
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
RaiseException
RtlUnwind
MultiByteToWideChar
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapReAlloc

user32

GetMessagePos

gdi32

GetCharABCWidthsW
GetTextFaceW
SelectPalette

advapi32

LookupAccountSidW

shell32

DragFinish

winhttp

WinHttpWriteData

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 15.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4d3edea12b0f02b502231d48e469cf3f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

winhttp

Sections

.text Size: 106KB - Virtual size: 106KB

.data Size: 89KB - Virtual size: 15.5MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 106KB - Virtual size: 106KB

.data
Size: 89KB - Virtual size: 15.5MB

.rsrc
Size: 17KB - Virtual size: 16KB