c86b5ec5a34a032695c7ae6cce4a0ab348e9ebf71d248fc56720a052b83440ae[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c86b5ec5a34a032695c7ae6cce4a0ab348e9ebf71d248fc56720a052b83440ae.zip
Size

143KB
MD5

e80fc4ce759ac815aa3792ea4219e9e6
SHA1

c071bf3985522f750876190a3f5a19d755935b93
SHA256

b64cb00e58f1903a7379e8bc15914daaba8740bdf51394f40f21c79fe177d5fc
SHA512

20e4b91a102dee66d75c1b4e3ed636e85c22a346e8f003cf5e97e90406e8129a2532ece5b18633031a6fb773e3efbba9c13288bbbd91c72a686826db7cdb4142
SSDEEP

3072:N3mx6TE0QDfC8NiHbREgfxChRMKZmruzCp7U37DclQTuDRbNRbn:N3s0QeXHVmRMW5ep7Ss+gxNpn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c86b5ec5a34a032695c7ae6cce4a0ab348e9ebf71d248fc56720a052b83440ae

Files

c86b5ec5a34a032695c7ae6cce4a0ab348e9ebf71d248fc56720a052b83440ae.zip
.zip

Password: infected
c86b5ec5a34a032695c7ae6cce4a0ab348e9ebf71d248fc56720a052b83440ae
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

Password: infected

24dd5e1ff008f2e8a121c479add6c292

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptDecrypt
CryptImportKey
GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateToolhelp32Snapshot
DeleteFileA
DeleteFileW
FileTimeToSystemTime
FindAtomA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileSize
GetFileTime
GetLastError
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetSystemTime
GetTempPathA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
InterlockedIncrement
LoadLibraryA
LoadLibraryW
MoveFileA
MoveFileW
MultiByteToWideChar
OpenMutexA
Process32First
Process32Next
ReadFile
ReleaseMutex
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
Sleep
SleepEx
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TlsAlloc
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

msvcrt

_stricmp
_strlwr
_strupr
_unlink
__dllonexit
_assert
_close
_errno
_lseek
_mkdir
_open
_read
_snwprintf
_strdate
_strlwr
_strrev
_strtime
_strupr
_vsnprintf
_wcsupr
_wfopen
_wmkdir
_write
_wrmdir
abort
atoi
atol
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
malloc
memcpy
memset
rand
realloc
rewind
sprintf
srand
strcat
strchr
strcmp
strcpy
strlen
strncpy
strstr
strtok
swprintf
time
tmpnam
wcscat
wcscmp
wcscpy
wcslen
wcsrchr

user32

DefWindowProcA
DispatchMessageA
GetClientRect
GetDC
GetDesktopWindow
GetLastInputInfo
GetMessageA
LoadCursorA
LoadIconA
ReleaseDC
TranslateMessage

Exports

Exports

Alloc
Control_Provider
RatingSetupUI
Telephon

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

24dd5e1ff008f2e8a121c479add6c292

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 76KB - Virtual size: 76KB

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: 40KB - Virtual size: 40KB

.edata Size: 4KB - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 76KB - Virtual size: 76KB

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: 40KB - Virtual size: 40KB

.edata
Size: 4KB - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB