ec9db71e7d7e8018cf1ffd0a5d44240c93418415638e0198fa620899662caef4[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ec9db71e7d7e8018cf1ffd0a5d44240c93418415638e0198fa620899662caef4.zip
Size

166KB
MD5

d001f8c44f95d5e30fc3d0c54c28c28e
SHA1

f0b89f6e513369522755722fa41943e9b459a02c
SHA256

3a15c79828125e8eb48f9062235df72fbc4cd335040d3bf9d71ae374b7d51508
SHA512

373d02cef561cd8486f25dc4ee58cebf04b70970bf49c81baa28620378e393ac7672286a7880ef24824283aed576089ec564b1f84c47842a6310746aef88cb60
SSDEEP

3072:CFJ5TbSRudnYIJOXMHGv7iwDaPPp6ufeEYJogXaypDpSYQYvfvNCQwsD8P:C9yTIJW+Gv7iy4HfeVUypDpSqvXNCQwp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ec9db71e7d7e8018cf1ffd0a5d44240c93418415638e0198fa620899662caef4

Files

ec9db71e7d7e8018cf1ffd0a5d44240c93418415638e0198fa620899662caef4.zip
.zip

Password: infected
ec9db71e7d7e8018cf1ffd0a5d44240c93418415638e0198fa620899662caef4
.dll windows:5 windows x86 arch:x86

Password: infected

20190c2bba7572fedd20fa638ed5f176

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

TerminateProcess
GetCurrentDirectoryW
GetFullPathNameA
SystemTimeToTzSpecificLocalTime
GetLogicalDrives
ExpandEnvironmentStringsA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
RemoveDirectoryA
CopyFileA
FindClose
MoveFileA
FindNextFileA
GetCurrentProcessId
Thread32First
Thread32Next
CreateToolhelp32Snapshot
CreateThread
SetLastError
GetVersionExA
VirtualAlloc
VirtualProtect
PeekNamedPipe
WaitNamedPipeA
GetNamedPipeInfo
SetNamedPipeHandleState
GetComputerNameA
GetACP
GetModuleFileNameA
GetOEMCP
DeleteProcThreadAttributeList
GetProcessHeap
InitializeProcThreadAttributeList
SetErrorMode
UpdateProcThreadAttribute
ProcessIdToSessionId
Process32First
Process32Next
GetComputerNameExA
GetThreadContext
CreateFileA
SetThreadContext
MapViewOfFile
UnmapViewOfFile
VirtualQuery
VirtualFree
CreateRemoteThread
WriteFile
OpenProcess
CreateProcessA
ReadFile
VirtualProtectEx
VirtualAllocEx
OpenThread
CreateFileMappingA
DuplicateHandle
CloseHandle
WriteProcessMemory
ResumeThread
DeleteFileA
ExitProcess
ExitThread
CreateNamedPipeA
GetCurrentThread
ConnectNamedPipe
GetCurrentProcess
GetCurrentDirectoryA
CreatePipe
GetStartupInfoA
SetCurrentDirectoryA
FlushFileBuffers
DisconnectNamedPipe
MultiByteToWideChar
GetTickCount
WaitForSingleObject
Sleep
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetLastError
HeapCreate
GetModuleFileNameW
DebugBreak
RaiseException
SetEnvironmentVariableW
HeapDestroy
HeapFree
HeapAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetStringTypeW
GetStringTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
HeapSize
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetCPInfo
SetFilePointer
GetFileType
SetHandleCount
GetConsoleMode
FreeLibrary
ReadProcessMemory
GetLocalTime
GetSystemTimeAsFileTime
GetModuleHandleW
CreateDirectoryA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapReAlloc
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
RtlUnwind
WideCharToMultiByte
GetConsoleCP

advapi32

LookupAccountSidA
OpenThreadToken
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
LogonUserA
CheckTokenMembership
FreeSid
RevertToSelf
AllocateAndInitializeSid
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetUserNameA
CreateProcessWithTokenW
CreateProcessWithLogonW
CreateProcessAsUserA
AdjustTokenPrivileges
ImpersonateNamedPipeClient
ImpersonateLoggedOnUser
LookupPrivilegeValueA

wininet

InternetConnectA
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetStatusCallback
HttpSendRequestA
InternetCloseHandle
InternetQueryOptionA
InternetOpenA

ws2_32

ntohs
connect
socket
gethostbyname
send
WSAIoctl
recv
WSACleanup
closesocket
WSASocketA
ntohl
htons
htonl
shutdown
WSAGetLastError
ioctlsocket
accept
listen
__WSAFDIsSet
bind
sendto
select
inet_addr
recvfrom
WSAStartup

Exports

Exports

_ReflectiveLoader@4

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

20190c2bba7572fedd20fa638ed5f176

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

wininet

ws2_32

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 176KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 45KB - Virtual size: 77KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 45KB - Virtual size: 77KB

.reloc
Size: 9KB - Virtual size: 8KB