8d2690e386a6db96e239c798a2f8dd807105ecae862fea69e132b442b0fc6cae[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8d2690e386a6db96e239c798a2f8dd807105ecae862fea69e132b442b0fc6cae.zip
Size

143KB
MD5

bcde8ff056d80b4a30bddd3dd49e891b
SHA1

8f19566b6f13452e98df89a508897d358101bba5
SHA256

f5eac7f90593347ad8d52c49e85284308c0e2868a049854d1a05ae01355eaded
SHA512

281d27dce561cac0f5a93f59ffb0d7ab086e31555917e65fa31c550ca8d7321cf5c76beb0c7462e01acf83748e7ad3ed52d7cb43a5216840b51d8b4088d93335
SSDEEP

3072:qELO9kClDcr6lK9+ZuHe0d0fF5vDirSUSSd9rn6Mgtvmld/n:qELOZDPVZSCd9Ad9r6MgM/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8d2690e386a6db96e239c798a2f8dd807105ecae862fea69e132b442b0fc6cae

Files

8d2690e386a6db96e239c798a2f8dd807105ecae862fea69e132b442b0fc6cae.zip
.zip

Password: infected
8d2690e386a6db96e239c798a2f8dd807105ecae862fea69e132b442b0fc6cae
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

Password: infected

24dd5e1ff008f2e8a121c479add6c292

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptDecrypt
CryptImportKey
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateToolhelp32Snapshot
DeleteFileA
DeleteFileW
FileTimeToSystemTime
FindAtomA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemTime
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
InterlockedIncrement
LoadLibraryA
LoadLibraryW
MoveFileA
MoveFileW
MultiByteToWideChar
OpenMutexA
Process32First
Process32Next
ReadFile
ReleaseMutex
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
Sleep
SleepEx
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

_stricmp
_strlwr
_strupr
_unlink
__dllonexit
_assert
_close
_errno
_lseek
_mkdir
_open
_read
_snwprintf
_strdate
_strlwr
_strrev
_strtime
_strupr
_vsnprintf
_wcsupr
_wfopen
_wmkdir
_write
_wrmdir
abort
atoi
atol
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
malloc
memcpy
memset
rand
realloc
rewind
sprintf
srand
strcat
strchr
strcmp
strcpy
strlen
strncpy
strstr
strtok
swprintf
time
tmpnam
wcscat
wcscmp
wcscpy
wcslen
wcsrchr

user32

DefWindowProcA
DispatchMessageA
GetClientRect
GetDC
GetDesktopWindow
GetLastInputInfo
GetMessageA
LoadCursorA
LoadIconA
ReleaseDC
TranslateMessage

Exports

Exports

Alloc
Control_Provider
RatingSetupUI
Telephon

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

24dd5e1ff008f2e8a121c479add6c292

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 76KB - Virtual size: 76KB

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: 40KB - Virtual size: 40KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 76KB - Virtual size: 76KB

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 40KB - Virtual size: 40KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB