MDE_File_Sample_9505bf2fda5227b9f2b779c889832596238bd9bb[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MDE_File_Sample_9505bf2fda5227b9f2b779c889832596238bd9bb.zip
Size

34KB
MD5

cdfcaf4a5ea0fcfbde440f7015063ae2
SHA1

58a75b7511061691236417ebaa1f0ecda5b1d946
SHA256

df356df2ba80db3e13b86fa1e4ab88ac8f778f804b81345045340a1f5936be7d
SHA512

c566a6f8e3937a08d71e1bcbd7017c154481895ad79de42d4e640866456e863a1798be327d2f11c169490dc772aecc22f0dbeee2b3a20c343043a8a418fc08bb
SSDEEP

768:Z++9ignbWDZr9Ipe2qFa/d6zOWDJsQ8vHhv0HFhhSz0ay:waiaRe2P/d6zO0JsQk0Fnl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/XYNTService.exe

Files

MDE_File_Sample_9505bf2fda5227b9f2b779c889832596238bd9bb.zip
.zip

Password: infected
XYNTService.exe
.exe windows:4 windows x86 arch:x86

Password: infected

489174d9d231ccea99684d62d912b0b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
GetModuleFileNameA
DeleteCriticalSection
GetExitCodeProcess
TerminateProcess
CloseHandle
GetPrivateProfileStringA
CreateProcessA
Sleep
GetCurrentThreadId
GetLastError
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
ExitThread
ResumeThread
CreateThread
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
SetFilePointer
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
ReadFile
HeapSize

user32

GetThreadDesktop
GetUserObjectInformationA
PostThreadMessageA

advapi32

StartServiceCtrlDispatcherA
CreateServiceA
DeleteService
SetServiceStatus
StartServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
LogonUserA
CreateProcessAsUserA
RegisterServiceCtrlHandlerA

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

489174d9d231ccea99684d62d912b0b9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 636B

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 636B