fd864a52e1f9ab8b8d249a78dfabc8f2624a7669af8a1dccc48025e98258387f

Sharing

Copy URL

Twitter E-mail

General

Target

fd864a52e1f9ab8b8d249a78dfabc8f2624a7669af8a1dccc48025e98258387f
Size

146KB
MD5

d5217d8a738309a0d239c3a5ad35c33a
SHA1

6381255547f527d3571fac8446a6caec2f6c811b
SHA256

fd864a52e1f9ab8b8d249a78dfabc8f2624a7669af8a1dccc48025e98258387f
SHA512

8b9dd14a7038c9f2f858c9c096d02dc44d741aed3c68fce9e32330de745540771e057d20de2f7c95fa7d5d733ee2ffbd45e54e74635adb97b22d2320b78a8cca
SSDEEP

3072:hP5wv6G6iVof9zxkaUWmkYh4bc7BtsoDg/9OooHD:DO69lzxkDWmk+4MBtXRD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dd02277915ac5c15707202a07cdeb81789c3689c9598e1ae8b1d3ec4739db919.exe

Files

fd864a52e1f9ab8b8d249a78dfabc8f2624a7669af8a1dccc48025e98258387f
.zip

Password: infected
dd02277915ac5c15707202a07cdeb81789c3689c9598e1ae8b1d3ec4739db919.exe
.exe windows:6 windows x64 arch:x64

d699de932eaf36fa0f236ef101dcee7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtClose
NtWriteFile
NtMapViewOfSection
NtSetInformationFile
RtlInitUnicodeString
NtSetInformationProcess
RtlAdjustPrivilege
NtCreateSection
NtOpenFile

user32

wsprintfA

oleaut32

VariantClear

shlwapi

PathFindFileNameW

advapi32

GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetTokenInformation

wininet

InternetOpenUrlW
InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenW

shell32

SHGetFolderPathA
SHGetFolderPathW

kernel32

LoadLibraryExW
HeapReAlloc
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
FreeEnvironmentStringsW
GetEnvironmentStringsW
OutputDebugStringW
QueryPerformanceCounter
GetModuleHandleW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetConsoleMode
GetConsoleCP
FlushFileBuffers
ReadConsoleW
SetStdHandle
WriteConsoleW
GetTickCount64
CreateProcessW
SetFilePointerEx
GetStartupInfoW
InitOnceExecuteOnce
GetFileType
HeapSize
GetStdHandle
GetModuleHandleExW
GetCurrentThreadId
GetThreadContext
GetTempFileNameW
GetFileSize
SetThreadContext
SetFilePointer
GetCurrentProcess
WaitForSingleObject
WriteFile
OpenProcess
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
CreateFileW
GetTempPathW
GetLastError
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
Wow64SetThreadContext
CloseHandle
WriteProcessMemory
ResumeThread
Wow64GetThreadContext
CreateThread
HeapAlloc
GetProcessHeap
Sleep
Process32First
CreateRemoteThread
Process32Next
CreateToolhelp32Snapshot
VirtualProtectEx
ExitProcess
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CompareFileTime
VirtualFree
GetWindowsDirectoryA
GetProcessTimes
GetVolumeInformationA
CopyFileW
TerminateProcess
ReadFile
lstrcatA
CreateDirectoryA
VirtualAlloc
CopyFileA
SetFileAttributesA
FindClose
Process32FirstW
CreateFileMappingA
IsWow64Process
GetModuleFileNameA
Process32NextW
CreateMutexA
IsDebuggerPresent
FindNextFileW
DeleteFileW
SetFileAttributesW
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
HeapFree
GetCPInfo
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetACP
GetOEMCP
SetLastError

Exports

Exports

Start

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

d699de932eaf36fa0f236ef101dcee7e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

user32

oleaut32

shlwapi

advapi32

wininet

shell32

kernel32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 83KB - Virtual size: 94KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 83KB - Virtual size: 94KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 7KB - Virtual size: 7KB