3b06e292b27f6d0bd930cc6a2b765bb73e1ee42e41d604e2bd53ed066713cc51[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

3b06e292b27f6d0bd930cc6a2b765bb73e1ee42e41d604e2bd53ed066713cc51.zip
Size

14.2MB
MD5

1b211c8001d9bed9a32d3789142ec7bc
SHA1

6719e536da518b2ebd3d0b4aca4c79271ed1b389
SHA256

d551f1fe2f7236dffaba6197089a0ae9dd7e15ce4af2dee5056d61b7bfe5fedc
SHA512

3c4f8a2f9be36c2437beedf8634bc1153681951dba14da62ea9c116418a5fdf41f887cbdb558e138b0ae1253c300f6961f99e80f722a95bb80bb37ce262eb892
SSDEEP

196608:Fyj1PFIlU3vGZiUZVZ0zElSdiS85cxqc8cI9aOFNAqzynygeAAbh4Cd4NvO:FKpFOUf8iSZ04yusqfrMygeZZD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3b06e292b27f6d0bd930cc6a2b765bb73e1ee42e41d604e2bd53ed066713cc51

Files

3b06e292b27f6d0bd930cc6a2b765bb73e1ee42e41d604e2bd53ed066713cc51.zip
.zip

Password: infected
3b06e292b27f6d0bd930cc6a2b765bb73e1ee42e41d604e2bd53ed066713cc51
.exe windows:5 windows x86 arch:x86

Password: infected

31a67ef2b3bb3a1c95260ee8b932d64a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp100

??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1_Container_base12@std@@QAE@XZ

user32

SetTimer

msvcr100

malloc
free
realloc
_strdup
calloc
_except_handler4_common

kernel32

SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

ntdll

NtdllDefWindowProc_A

gdi32

TextOutA

advapi32

CryptAcquireContextA

shell32

ShellExecuteA

combase

CreateStreamOnHGlobal

ws2_32

ioctlsocket

rpcrt4

UuidCreateSequential

dbgcore

MiniDumpWriteDump

kernelbase

IdnToAscii

wldap32

ldap_msgfree

crypt32

CertCloseStore

gdiplus

GdiplusShutdown

shlwapi

ord44

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30.3MB - Virtual size: 30.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TY'
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.[rp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.AJc
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 605KB - Virtual size: 605KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

31a67ef2b3bb3a1c95260ee8b932d64a

Headers

DLL Characteristics

File Characteristics

Imports

msvcp100

user32

msvcr100

kernel32

ntdll

gdi32

advapi32

shell32

combase

ws2_32

rpcrt4

dbgcore

kernelbase

wldap32

crypt32

gdiplus

shlwapi

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 220KB - Virtual size: 220KB

.data Size: 30.3MB - Virtual size: 30.3MB

.TY' Size: 4.9MB - Virtual size: 4.9MB

.[rp Size: 4KB - Virtual size: 4KB

.AJc Size: 8.4MB - Virtual size: 8.4MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 605KB - Virtual size: 605KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 220KB - Virtual size: 220KB

.data
Size: 30.3MB - Virtual size: 30.3MB

.TY'
Size: 4.9MB - Virtual size: 4.9MB

.[rp
Size: 4KB - Virtual size: 4KB

.AJc
Size: 8.4MB - Virtual size: 8.4MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 605KB - Virtual size: 605KB