d06d9adef8856bce595a9d7729ede54a4b40b4105a10a70148a55413915f8ae1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d06d9adef8856bce595a9d7729ede54a4b40b4105a10a70148a55413915f8ae1.zip
Size

23.3MB
MD5

d3d5f59310c45b27321bbe4f9a893ed8
SHA1

098bfb8c3e859818dcb08c59da150309f417efae
SHA256

a4afbbfb8ec598071cdb93b2f78d0d8db0062d702961a4fcb277e98614c25ae4
SHA512

902128f03a780aa7a67fc6cb00a05b64ef629915e41c8efdd6aae2fd3ceb684fe2cf61def93e46c9d983a8ccfa0df8c1d2795da424973850e6ebcb1ba4dc7e84
SSDEEP

393216:eE5G8aZYcKzfpV7d6RrsN4lb82eeJhl21sYWgSEcY+YdI6NsSidoCXal0mg9TNWs:eE5iZYcgpRgRrsaleeXYiNXEcDYdI6NA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d06d9adef8856bce595a9d7729ede54a4b40b4105a10a70148a55413915f8ae1

Files

d06d9adef8856bce595a9d7729ede54a4b40b4105a10a70148a55413915f8ae1.zip
.zip

Password: infected
d06d9adef8856bce595a9d7729ede54a4b40b4105a10a70148a55413915f8ae1
.exe windows:6 windows x64 arch:x64

Password: infected

9da18038e0ba9a33fbbaf76636ea1aff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

._5~
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.symtab
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

.rp\
Size: 8.0MB - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.n"H
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.A;^
Size: 15.5MB - Virtual size: 15.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

9da18038e0ba9a33fbbaf76636ea1aff

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 820KB - Virtual size: 820KB

.pdata Size: 64KB - Virtual size: 64KB

.xdata Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

._5~ Size: 52KB - Virtual size: 52KB

.symtab Size: 4KB - Virtual size: 4KB

.rp\ Size: 8.0MB - Virtual size: 8.0MB

.n"H Size: 4KB - Virtual size: 4KB

.A;^ Size: 15.5MB - Virtual size: 15.5MB

.reloc Size: 4KB - Virtual size: 4KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 820KB - Virtual size: 820KB

.pdata
Size: 64KB - Virtual size: 64KB

.xdata
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

._5~
Size: 52KB - Virtual size: 52KB

.symtab
Size: 4KB - Virtual size: 4KB

.rp\
Size: 8.0MB - Virtual size: 8.0MB

.n"H
Size: 4KB - Virtual size: 4KB

.A;^
Size: 15.5MB - Virtual size: 15.5MB

.reloc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 16KB - Virtual size: 16KB