MDE_File_Sample_12c48f47f450042c2cf57cf0bd11a847e28c0a4b[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_12c48f47f450042c2cf57cf0bd11a847e28c0a4b.zip
Size

84KB
MD5

41c49a98a49d4e508c54f5e17d2d4f39
SHA1

95848ca54890af0b472022eb862d04724e0e1758
SHA256

0f4b26e64771d28df81949838f7b78e2caf5e76e8d6f1e42ae4b520ca475a07e
SHA512

5e535388d0cc7584f9cb14df25e9920a2601b6b41c0b4ea9dc204430f4be8c95f90d7d344b977cce16520c5b074ddd1b0035b5bb3394f43c21c659edfa7fd8d5
SSDEEP

1536:hOV0CtVWmM3XgPwVSvR+LAOC0DPUsfqx+f55jlG6EvpQ3Sql7IWofYdWOP7NO6:h9sWmM3wIVSvR+LdCusuqxajU6E70oUn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wscript.exe

Files

MDE_File_Sample_12c48f47f450042c2cf57cf0bd11a847e28c0a4b.zip
.zip

Password: infected
wscript.exe
.exe windows:10 windows x64 arch:x64

8e38120cbab568a4a9e02a52a69d8f37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wscript.pdb

Imports

msvcrt

wcscat_s
_swab
swprintf_s
__C_specific_handler
strcpy_s
_itow_s
memset
free
_callnewh
malloc
sprintf_s
wcscpy_s
_itow
_wcsicmp
_wcsnicmp
wcsncmp
bsearch
_vsnprintf
memmove_s
memcpy_s
_vsnwprintf
_beginthread
_endthread
wcsrchr
memcmp
memcpy
memmove
strcmp

oleaut32

CreateErrorInfo
SetErrorInfo
VariantClear
VariantChangeType
SafeArrayGetElement
LoadTypeLi
VariantCopy
VariantInit
SafeArrayCreate
SysAllocStringByteLen
UnRegisterTypeLi
LoadTypeLibEx
SysAllocString
SafeArrayGetUBound
SafeArrayDestroy
LoadRegTypeLi
SafeArrayCopy
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayPutElement
SafeArrayGetLBound

kernel32

InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
FindClose
GetUserDefaultLCID
FlushFileBuffers
GetTempFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
ReleaseMutex
GetModuleHandleA
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
GetStartupInfoA
AcquireSRWLockShared
ExitProcess
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
GetSystemDirectoryA
EnterCriticalSection
GetPrivateProfileIntA
GetModuleFileNameA
CreateFileA
GetCommandLineW
GetTempPathA
FindFirstFileA
GetCommandLineA
MultiByteToWideChar
FindFirstFileW
GetConsoleMode
GetStdHandle
WideCharToMultiByte
CreateEventA
LoadLibraryExA
GetPrivateProfileStringW
CreateThread
GetPrivateProfileStringA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
CreateFileW
UnmapViewOfFile
LeaveCriticalSection
GetPrivateProfileIntW
CreateFileMappingA
GetLocaleInfoA
GetLocaleInfoW
HeapReAlloc
GetFileSize
MapViewOfFile
SearchPathW
GetSystemDefaultUILanguage
FormatMessageA
LocalFree
LocalAlloc
LoadLibraryExW
GetFileAttributesW
FreeLibrary
GetUserDefaultUILanguage
GetACP
GetVersionExW
GetFullPathNameA
GetFileAttributesA
GetVersionExA
FindResourceExW
LoadResource
GetFullPathNameW
GetModuleFileNameW
GetCPInfo
CreateFileMappingW
SetEvent

user32

SetTimer
CreateWindowExA
MsgWaitForMultipleObjects
GetClassNameA
PostMessageA
IsWindowVisible
TranslateMessage
GetClassInfoA
DefWindowProcA
EnumThreadWindows
MsgWaitForMultipleObjectsEx
PeekMessageA
GetWindowLongPtrA
KillTimer
PostQuitMessage
GetParent
SetWindowLongPtrA
SendMessageA
PostThreadMessageA
GetActiveWindow
MessageBoxW
DispatchMessageA
GetMessageA
CharNextA
LoadStringW
LoadStringA
RegisterClassA

ole32

MkParseDisplayName
CoRegisterMessageFilter
CoGetTreatAsClass
CoInitialize
CLSIDFromString
CoUninitialize
CoGetClassObject
CLSIDFromProgID
CreateFileMoniker
CoGetInterfaceAndReleaseStream
CoCreateInstance
StringFromCLSID
CoRegisterClassObject
CoGetMalloc
CoRevokeClassObject
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CreateBindCtx

advapi32

RegCreateKeyExA
RegEnumKeyExA
IsTextUnicode
RegSetValueExA
RegQueryValueExA
LookupAccountNameW
ReportEventW
RegisterEventSourceW
GetUserNameW
RegQueryValueExW
DeregisterEventSource
RegOpenKeyExW
RegCreateKeyA
RegSetValueExW
RegCloseKey
RegOpenKeyA
RegSetValueA
RegDeleteKeyA
RegQueryValueA
ImpersonateLoggedOnUser
RegCreateKeyExW
RegOpenKeyExA

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8e38120cbab568a4a9e02a52a69d8f37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

kernel32

user32

ole32

advapi32

version

Sections

.text Size: 105KB - Virtual size: 104KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 105KB - Virtual size: 104KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 3KB - Virtual size: 2KB