b74eeceea653a111cdc8898ff27ce6e5f8644240e2fbcef2b1804d540e3aefc7[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

b74eeceea653a111cdc8898ff27ce6e5f8644240e2fbcef2b1804d540e3aefc7.zip
Size

2.4MB
MD5

83ea1ac41aacce3d88596fd69050773c
SHA1

f1c06f8615775140ab320db120df2f6db9a11a28
SHA256

9174fe2826164101bfc0e834e777765c313fb9d8f2653e29b1101121711c1e7e
SHA512

49841083144b7827af86a8bbe8ccf7032364bfa88afb1ef07b10c84e0fb2b893e006dc008490837ff6075fba7d3c0bb00471aac0fc91c6ebb87807ed6a76ed68
SSDEEP

49152:CWtLXOWPXY/+3IURosRdUe2yhMugM+GP7gWD8iQfsHgJeBWF:ZtKJZSUhkvRPlIuHgJyW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b74eeceea653a111cdc8898ff27ce6e5f8644240e2fbcef2b1804d540e3aefc7

Files

b74eeceea653a111cdc8898ff27ce6e5f8644240e2fbcef2b1804d540e3aefc7.zip
.zip

Password: infected
b74eeceea653a111cdc8898ff27ce6e5f8644240e2fbcef2b1804d540e3aefc7
.exe windows:6 windows x86 arch:x86

Password: infected

395505b55ef4c98ad74986b2c76bafb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SystemFunction036
CopySid
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
IsValidSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetLengthSid

ucrtbase

free
realloc
calloc
_msize
malloc
_set_new_mode
_configthreadlocale
log
__setusermatherr
_dclass
ceil
truncf
roundf
exp2f
pow
_initterm
_initterm_e
_c_exit
_configure_narrow_argv
_set_app_type
_crt_atexit
exit
_Exit
_register_onexit_function
_seh_filter_exe
__p___argc
__p___argv
_cexit
_endthreadex
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_beginthreadex
abort
_controlfp_s
_initialize_onexit_table
_get_initial_narrow_environment
terminate
_set_fmode
__p__commode
wcsncmp
strcpy_s
strcspn
strcmp
wcslen
strncmp
strlen
_localtime64_s
_rotl64
qsort

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateContext
CryptUnprotectData
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCertificateChain

gdi32

DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCW
GetDeviceCaps
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
SelectObject

kernel32

GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
TlsFree
WakeAllConditionVariable
GetSystemInfo
SetThreadStackGuarantee
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
DeleteFileW
CopyFileExW
AddVectoredExceptionHandler
FindClose
TlsAlloc
GlobalMemoryStatusEx
K32GetPerformanceInfo
GetCurrentThread
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
SetLastError
TerminateProcess
IsProcessorFeaturePresent
ReadProcessMemory
VirtualQueryEx
InitializeSListHead
LocalFree
IsDebuggerPresent
OpenProcess
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
RtlUnwind
LoadLibraryExA
FreeLibrary
GetProcAddress
EncodePointer
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
GetModuleHandleA
SwitchToThread
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetFileInformationByHandle
FlushFileBuffers
GetModuleFileNameW
GetFileInformationByHandle
WaitForSingleObject
GetExitCodeProcess
CreateFileW
AcquireSRWLockExclusive
ReleaseSRWLockShared
LoadLibraryExW
TlsGetValue
TlsSetValue
HeapReAlloc
GetLastError
WakeConditionVariable
CloseHandle
HeapFree

kernelbase

InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WaitOnAddress
WakeByAddressSingle
FlsAlloc
FlsSetValue
InitializeCriticalSectionEx

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtWriteFile
NtCancelIoFileEx
NtQuerySystemInformation
NtQueryInformationProcess
RtlGetVersion

combase

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket

oleaut32

SafeArrayDestroy
VariantClear
SysFreeString
GetErrorInfo
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocStringLen
SysStringLen

pdh

PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryA
PdhRemoveCounter
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

rstrtmgr

RmStartSession
RmRegisterResources
RmGetList

secur32

DeleteSecurityContext
AcceptSecurityContext
AcquireCredentialsHandleA
SealMessage
InitializeSecurityContextW
FreeCredentialsHandle
ApplyControlToken
UnsealMessage
QueryContextAttributesW
FreeContextBuffer

shell32

CommandLineToArgvW

user32

GetCursorPos
GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsExW

ws2_32

select
WSAStartup
recv
getaddrinfo
accept
setsockopt
bind
send
WSASend
shutdown
ioctlsocket
socket
getsockopt
closesocket
connect
WSAIoctl
WSACleanup
listen
WSASocketW
getsockname
WSAGetLastError
getpeername
freeaddrinfo

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

395505b55ef4c98ad74986b2c76bafb5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ucrtbase

bcrypt

crypt32

gdi32

kernel32

kernelbase

ntdll

combase

oleaut32

pdh

powrprof

psapi

rstrtmgr

secur32

shell32

user32

ws2_32

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 24KB - Virtual size: 24KB

.reloc Size: 124KB - Virtual size: 124KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 24KB - Virtual size: 24KB

.reloc
Size: 124KB - Virtual size: 124KB