ed2098c09a8e20d487e2edee4450fef99cdfedbfa930a3901bd692bc4f3c7b96[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ed2098c09a8e20d487e2edee4450fef99cdfedbfa930a3901bd692bc4f3c7b96.zip
Size

2.4MB
MD5

1e36a33864793d2831b0ba9a93102784
SHA1

fc30e6c1cd7f8e2ddc1da3ca7dbfad8b576c811e
SHA256

147c3dc5c368b8a953256466ddd58aa7dc2bd5ac2c62a942a63fd25094b52d02
SHA512

ddd89a25fb36edf4b3234d7d656c36d89aaf1ab439a87e2ed5c84d3d978d0f4118fcde57fe9a0a96a313d5890c9730e1e3509f96effcb7bf30cffd864f9f0e6f
SSDEEP

49152:ZoDhP6gRdaazy4b8zdKKG4GdaXmXHDcOS8/u74g36xLop6SEGLRc8:EF6gRdaoIwH5zfS8W7oS6S71c8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ed2098c09a8e20d487e2edee4450fef99cdfedbfa930a3901bd692bc4f3c7b96

Files

ed2098c09a8e20d487e2edee4450fef99cdfedbfa930a3901bd692bc4f3c7b96.zip
.zip

Password: infected
ed2098c09a8e20d487e2edee4450fef99cdfedbfa930a3901bd692bc4f3c7b96
.exe windows:6 windows x86 arch:x86

Password: infected

4e06561b596c0472dc0f718161211823

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetTempPathW
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
TlsFree
WakeAllConditionVariable
GetSystemInfo
SetThreadStackGuarantee
SetHandleInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
RtlCaptureContext
AcquireSRWLockShared
InitOnceComplete
DeleteFileW
CopyFileExW
AddVectoredExceptionHandler
FindClose
TlsAlloc
InitOnceBeginInitialize
GlobalMemoryStatusEx
K32GetPerformanceInfo
GetCurrentThread
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
SetLastError
TerminateProcess
IsProcessorFeaturePresent
ReadProcessMemory
VirtualQueryEx
InitializeSListHead
LocalFree
IsDebuggerPresent
OpenProcess
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
RtlUnwind
LoadLibraryExA
FreeLibrary
GetProcAddress
EncodePointer
InitializeCriticalSectionAndSpinCount
ReleaseSRWLockExclusive
GetModuleHandleA
SwitchToThread
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SetFileInformationByHandle
FlushFileBuffers
GetModuleFileNameW
GetFileInformationByHandle
WaitForSingleObject
GetExitCodeProcess
SleepConditionVariableSRW
CreateFileW
AcquireSRWLockExclusive
ReleaseSRWLockShared
LoadLibraryExW
TlsGetValue
TlsSetValue
HeapReAlloc
GetLastError
WakeConditionVariable
CloseHandle
HeapFree

crypt32

CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateContext
CryptUnprotectData
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCertificateChain

advapi32

SystemFunction036
CopySid
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
IsValidSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetLengthSid

user32

GetCursorPos
GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsExW

ws2_32

select
WSAStartup
recv
getaddrinfo
accept
setsockopt
bind
send
WSASend
shutdown
ioctlsocket
socket
getsockopt
closesocket
connect
WSAIoctl
WSACleanup
listen
WSASocketW
getsockname
WSAGetLastError
getpeername
freeaddrinfo

ntdll

RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtReadFile
NtWriteFile
NtCancelIoFileEx
NtQuerySystemInformation
NtQueryInformationProcess
RtlGetVersion

bcrypt

BCryptGenRandom

oleaut32

SafeArrayDestroy
VariantClear
SysFreeString
GetErrorInfo
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocStringLen
SysStringLen

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket

gdi32

DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateDCW
GetDeviceCaps
SetStretchBltMode
StretchBlt
GetDIBits
GetObjectW
DeleteObject
SelectObject

rstrtmgr

RmStartSession
RmRegisterResources
RmGetList

secur32

DeleteSecurityContext
AcceptSecurityContext
AcquireCredentialsHandleA
EncryptMessage
InitializeSecurityContextW
FreeCredentialsHandle
ApplyControlToken
DecryptMessage
QueryContextAttributesW
FreeContextBuffer

pdh

PdhCloseQuery
PdhCollectQueryData
PdhOpenQueryA
PdhRemoveCounter
PdhAddEnglishCounterW
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

shell32

CommandLineToArgvW

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
strcspn
strcmp
wcslen
strncmp
strlen

api-ms-win-crt-math-l1-1-0

log
__setusermatherr
_dclass
ceil
truncf
roundf
exp2f
pow

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
_msize
malloc
_set_new_mode

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_c_exit
_configure_narrow_argv
_set_app_type
_crt_atexit
exit
_exit
_register_onexit_function
_seh_filter_exe
__p___argc
__p___argv
_cexit
_endthreadex
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_beginthreadex
abort
_controlfp_s
_initialize_onexit_table
_get_initial_narrow_environment
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4e06561b596c0472dc0f718161211823

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

advapi32

user32

ws2_32

ntdll

bcrypt

oleaut32

ole32

gdi32

rstrtmgr

secur32

pdh

powrprof

shell32

psapi

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 18KB - Virtual size: 20KB

.reloc Size: 111KB - Virtual size: 111KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 18KB - Virtual size: 20KB

.reloc
Size: 111KB - Virtual size: 111KB