12_50_43[.]296[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

12_50_43.296.zip
Size

40KB
MD5

331d02a70ec44c6333feecb5653bff3b
SHA1

ceffba115d734c7b3199eff9fb49f47ed078582c
SHA256

719e472f5c8b1bf9362836c9a6e75a08004adaba07f3a8a57cc082cc702e20b9
SHA512

31d2e47f0b5b7535320dabeac30d56aa18bacc597ca7740ecb1a447b4246ae36dd86f054f77b0a9f6d17ca1cb2ee589651930c9d62a9d12c3cccb769f53119b7
SSDEEP

768:NIaf5lNMSnsKtqVPivDZW20J+L3cR3+y2GiXronfaysk4+JxuDgMrJQL:NIW/NMP5VP8o7Jco2lYfaysk4yuDgMrI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume3/BIOTIME/iclockservice.exe

Files

12_50_43.296.zip
.zip

Password: Password123456
Device/HarddiskVolume3/BIOTIME/iclockservice.exe
.exe windows:5 windows x86 arch:x86

Password: Password123456

9aa3b223174d85699730b48eb2c2a2a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
GetExitCodeProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleFileNameA
OpenProcess
TerminateProcess
CloseHandle
GetPrivateProfileStringA
CreateProcessA
Sleep
GetCurrentThreadId
GetLastError
EnterCriticalSection
GetLocalTime
HeapSize
LeaveCriticalSection
ReadFile
GetProcessHeap
DeleteFileA
ExitThread
ResumeThread
CreateThread
GetCommandLineA
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetFileAttributesA
ExitProcess
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
CreateFileA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
WaitForSingleObject
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

user32

GetThreadDesktop
GetUserObjectInformationA
PostThreadMessageA

advapi32

StartServiceCtrlDispatcherA
CreateServiceA
DeleteService
SetServiceStatus
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
LogonUserA
CreateProcessAsUserA
RegisterServiceCtrlHandlerA

psapi

GetModuleFileNameExA
EnumProcesses

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Password123456

Password: Password123456

9aa3b223174d85699730b48eb2c2a2a8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

psapi

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B