10062b20e7ff6fc7edf5764599bba4e0b1caf9a00d62429f77798a49b822fcc6[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10062b20e7ff6fc7edf5764599bba4e0b1caf9a00d62429f77798a49b822fcc6.zip
Size

5.2MB
MD5

b486cc13c08a98aba6017056e305f31b
SHA1

f3014c6bec1d17f97eed7d4842475b781e6350d1
SHA256

9181390801bef55393dd57ef81c5fa369ef95c5226c17a0b9b05f541e1e78a6a
SHA512

dfc90c9077e4990e3ef4007fc696c6af3d29c9cf2b90243d79a0a4c3a7cba7587cd0e25f30ccfba70d2623ed7021fc3914769edef622f29991641eb05f25d084
SSDEEP

98304:Pi8wNfb2PDgarI3vRAIvFyCKrh1txBEcRZ5/WQmyoesLh:PZwNfb2Ua4+lPZ5PmNeOh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/10062b20e7ff6fc7edf5764599bba4e0b1caf9a00d62429f77798a49b822fcc6.exe

Files

10062b20e7ff6fc7edf5764599bba4e0b1caf9a00d62429f77798a49b822fcc6.zip
.zip

Password: infected
10062b20e7ff6fc7edf5764599bba4e0b1caf9a00d62429f77798a49b822fcc6.exe
.exe windows:6 windows x86 arch:x86

43c6c2d62ee98d5643e26d2af21c23b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmAssociateContext

oleaut32

SafeArrayCreateVector
SysAllocString
SafeArrayPutElement

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

gdi32

SelectObject
CreateDIBSection
GdiFlush
BitBlt
OffsetRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateDCW
CreateBitmap
ChoosePixelFormat
GetRegionData
GetPixelFormat
SetPixelFormat
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetDIBits
SelectClipRgn
DescribePixelFormat

uxtheme

GetThemeEnumValue
GetThemeMargins
GetThemePropertyOrigin
GetThemeTransitionDuration
CloseThemeData
GetThemeColor
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetThemeInt
GetThemePartSize
ord47
GetCurrentThemeName
OpenThemeData

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

ole32

CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoGetMalloc
ReleaseStgMedium
CoTaskMemFree
DoDragDrop
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitialize
CoUninitialize

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AccessCheck
SystemFunction036
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
AllocateAndInitializeSid
CopySid
DuplicateToken
FreeSid
RegQueryInfoKeyW
RegSetValueExW

user32

GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
EnumDisplayDevicesW
RegisterClassW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
EnumWindows
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
UpdateLayeredWindow
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
GetWindowThreadProcessId
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
SetWindowPlacement
SetCapture
GetCapture
IsTouchWindow
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
ShowWindow
RealGetWindowClassW
ChangeWindowMessageFilterEx
MessageBoxW
DrawIconEx
GetWindowPlacement
ReleaseDC
GetDC
DestroyWindow
DefWindowProcW
SetWindowPos
MoveWindow
SystemParametersInfoW
GetSystemMetrics
SetLayeredWindowAttributes
DestroyMenu
IsWindowVisible
GetSysColor
GetDesktopWindow
GetDoubleClickTime
AttachThreadInput
PostMessageW
SendMessageW
UpdateLayeredWindowIndirect
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
IsWindow
MessageBeep
GetCaretBlinkTime
FlashWindowEx
IsChild
GetClientRect
ReleaseCapture
TranslateMessage
CreateWindowExW

iphlpapi

ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceIndexToLuid
GetAdaptersAddresses

ws2_32

htonl
WSAAsyncSelect

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
HeapReAlloc
EnumSystemLocalesW
IsValidLocale
HeapFree
HeapAlloc
GetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetStdHandle
SetFileAttributesW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
RtlUnwind
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
RaiseException
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetLastError
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
GetExitCodeProcess
GetUserGeoID
GetGeoInfoW
GetTimeZoneInformation
GetModuleHandleExW
FreeLibrary
FindNextFileW
FindFirstFileExW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
WideCharToMultiByte
MultiByteToWideChar
RegisterWaitForSingleObject
UnregisterWaitEx
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointerEx
SetEndOfFile
ReadFile
GetFileType
FlushFileBuffers
GetFileInformationByHandleEx
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
MoveFileW
CopyFileW
DeviceIoControl
GetVolumePathNamesForVolumeNameW
GetTempPathW
SetFileTime
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
GetModuleFileNameW
GetStartupInfoW
LCMapStringW
CompareStringW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileAttributesExW
CreateFileW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
ResetEvent
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
WaitForMultipleObjects
WaitForSingleObject
DuplicateHandle
LoadLibraryW
GetSystemDirectoryW
CreateEventW
WaitForSingleObjectEx
SetEvent
GetCommandLineW
GetLocalTime
GetSystemTime
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
OutputDebugStringW
CompareStringEx
DeleteCriticalSection
LeaveCriticalSection
HeapSize
InitializeCriticalSection
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
GetUserDefaultLangID
GetCurrentProcessId
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
OpenProcess
CheckRemoteDebuggerPresent
EnterCriticalSection
CreateProcessW
CloseHandle
ExpandEnvironmentStringsW
SetErrorMode
WTSGetActiveConsoleSessionId
FormatMessageW
LocalFree
GetProcAddress
GetModuleHandleW
GetCurrentThreadId
GetLastError
ExitProcess
Sleep
IsWow64Process
lstrcmpW

shell32

SHGetKnownFolderPath
CommandLineToArgvW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW

winmm

timeSetEvent
timeKillEvent

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

43c6c2d62ee98d5643e26d2af21c23b7

Headers

DLL Characteristics

File Characteristics

Imports

imm32

oleaut32

wtsapi32

gdi32

uxtheme

dwmapi

ole32

advapi32

user32

iphlpapi

ws2_32

netapi32

userenv

version

kernel32

shell32

winmm

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 92KB - Virtual size: 146KB

.qtmetad Size: 1024B - Virtual size: 770B

_RDATA Size: 512B - Virtual size: 292B

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 224KB - Virtual size: 223KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 92KB - Virtual size: 146KB

.qtmetad
Size: 1024B - Virtual size: 770B

_RDATA
Size: 512B - Virtual size: 292B

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 224KB - Virtual size: 223KB