035469c61aa2b7ef91647609b70782229a23dacd7346771c29641fe220fb0083[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

035469c61aa2b7ef91647609b70782229a23dacd7346771c29641fe220fb0083.zip
Size

145KB
MD5

6464c84a5de06c46c96aa2ab5e6c2f2c
SHA1

d2e0e08d3ce0fadb1a0c7636116d9c41d3051a1f
SHA256

5aabd809890cf844bdeb8b184d3580e6aac448e61121cafcae2c7e86953502b8
SHA512

5585e4f895e11720f28a29ee3a8afc9dec099b40af1dc1af234b6574b225396719d76a3f758ad63ed2ee86ad0e93fcd004879de7bec05466ecad3eab26ba3769
SSDEEP

3072:See8OrP98zZOWawOpszfxCDMuWXIyCb+4pWwkGrjxri8BB:See8OL9GZtEWpCD/mVC7WVqBB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/035469c61aa2b7ef91647609b70782229a23dacd7346771c29641fe220fb0083

Files

035469c61aa2b7ef91647609b70782229a23dacd7346771c29641fe220fb0083.zip
.zip

Password: infected
035469c61aa2b7ef91647609b70782229a23dacd7346771c29641fe220fb0083
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

Password: infected

05d1e64643fea1273d11e424f51dc81b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
GlobalLock
GlobalUnlock
CreateThread
GetComputerNameA
ExpandEnvironmentStringsA
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetCurrentProcessId
IsWow64Process
AddAtomA
CloseHandle
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateToolhelp32Snapshot
DeleteFileA
DeleteFileW
FileTimeToSystemTime
FindAtomA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemTime
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
InterlockedIncrement
LoadLibraryA
LoadLibraryW
MoveFileA
MoveFileW
MultiByteToWideChar
OpenMutexA
Process32First
Process32Next
ReadFile
ReleaseMutex
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
Sleep
SleepEx
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlen

userenv

CreateEnvironmentBlock

wtsapi32

QueryUserToken

advapi32

GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserA
OpenProcessToken
CryptAcquireContextA
CryptDecrypt
CryptImportKey
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

wininet

InternetGetConnectedStateEx
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetConnectA
InternetWriteFile
InternetCloseHandle
HttpSendRequestExA
HttpOpenRequestA
HttpEndRequestA
InternetSetOptionA
HttpSendRequestA
HttpQueryInfoA

user32

ToUnicodeEx
GetKeyboardState
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
GetForegroundWindow
GetWindowThreadProcessId
GetWindowTextA
CloseClipboard
RegisterClassExA
CreateWindowExA
SetClipboardViewer
GetKeyState
GetKeyboardLayout
MapVirtualKeyExA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
DispatchMessageA
GetClientRect
GetDC
GetDesktopWindow
GetLastInputInfo
GetMessageA
LoadCursorA
LoadIconA
ReleaseDC
TranslateMessage

psapi

GetModuleFileNameExA

ws2_32

WSACleanup
WSAStartup
closesocket
connect
htons
inet_addr
recv
send
socket
WSASocketA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject

msvcrt

_strcmpi
_strlwr
_strupr
_unlink
__dllonexit
_assert
_close
_errno
_lseek
_mkdir
_open
_read
_snwprintf
_strdate
_strlwr
_strrev
_strtime
_strupr
vsnprintf
_wcsupr
_wfopen
_wmkdir
_write
_wrmdir
abort
atoi
atol
exit
fclose
fflush
fopen
fprintf
putc
fputs
fread
free
fseek
ftell
fwrite
malloc
memcpy
memset
rand
realloc
rewind
sprintf
srand
strcat
strchr
strcmp
strcpy
strlen
strncpy
strstr
strtok
swprintf
time
tmpnam
wcscat
wcscmp
wcscpy
wcslen
wcsrchr

Exports

Exports

Alloc
Control_Provider
RatingSetupUI
Telephon

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

05d1e64643fea1273d11e424f51dc81b

Headers

File Characteristics

Imports

kernel32

userenv

wtsapi32

advapi32

wininet

user32

psapi

ws2_32

gdi32

msvcrt

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 76KB - Virtual size: 76KB

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: 40KB - Virtual size: 40KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 76KB - Virtual size: 76KB

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 40KB - Virtual size: 40KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 18KB - Virtual size: 18KB