D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\apphost\standalone\apphost.pdb
Static task
static1
1 signatures
General
-
Target
ZDS-OToHtPHuQZm1T5JY7fnN1A__e5bcd262759fb4eda1268e78a3f34a27cbfc1749091cb05a0463a7589bbd8904__sLpVOnPc7qI.zip
-
Size
54KB
-
MD5
0f2ac04766e352dfee5a4bd761dc6c40
-
SHA1
d0fc438c3fe781002d3fa13bf49326583f025e4e
-
SHA256
15ca9c17266935140d05c72a5ec0d9456fe693b9ece1b6d5f7a7574b21c1a4e3
-
SHA512
b76a2212c9b962efa5b60a01e02cb42f4ebf8bc29c1f8d939c77ac999365cb41ca356c77ea37d97a6a60b4ec1c2b17001e7f64b836bd2fabffee344fb8cfac76
-
SSDEEP
768:xdLczpIvLs6hxiHDNZDhDMGW5kWpJ+/zWvbt3mv7r3Bg2PDUZZa8De6+PuIY:XwqRxijJDNIO7WZO5g1rtv+PuV
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/e5bcd262759fb4eda1268e78a3f34a27cbfc1749091cb05a0463a7589bbd8904
Files
-
ZDS-OToHtPHuQZm1T5JY7fnN1A__e5bcd262759fb4eda1268e78a3f34a27cbfc1749091cb05a0463a7589bbd8904__sLpVOnPc7qI.zip.zip
Password: infected
-
e5bcd262759fb4eda1268e78a3f34a27cbfc1749091cb05a0463a7589bbd8904.exe windows:6 windows x86 arch:x86
Password: infected
0d90721887af12fe657c83b997d03c6f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FreeLibrary
LoadLibraryExW
OutputDebugStringW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
GetEnvironmentVariableW
GetModuleHandleW
MultiByteToWideChar
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetProcAddress
GetWindowsDirectoryW
FindResourceW
GetLastError
ActivateActCtx
FindClose
CreateActCtxW
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetStringTypeW
SwitchToThread
GetCurrentThreadId
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
user32
MessageBoxW
shell32
ShellExecuteW
advapi32
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
__p___argc
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_errno
_initialize_onexit_table
abort
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_controlfp_s
__p___wargv
api-ms-win-crt-stdio-l1-1-0
_set_fmode
fputwc
__p__commode
__acrt_iob_func
fputws
_wfsopen
fflush
__stdio_common_vfwprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
setvbuf
api-ms-win-crt-heap-l1-1-0
calloc
_set_new_mode
free
_callnewh
malloc
api-ms-win-crt-string-l1-1-0
toupper
_wcsdup
wcsncmp
wcsnlen
strcpy_s
api-ms-win-crt-convert-l1-1-0
wcstoul
_wtoi
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
wcsftime
api-ms-win-crt-locale-l1-1-0
___mb_cur_max_func
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
__pctype_func
_lock_locales
setlocale
_unlock_locales
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ