12cb564b930afdcf9b2ada35a2747c7482f340ff9249d628c919d9f5ce147ce9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

12cb564b930afdcf9b2ada35a2747c7482f340ff9249d628c919d9f5ce147ce9.zip
Size

1.4MB
MD5

292f20cc964806f6e955731e283d3e09
SHA1

6e13c555c45547db4ba4f62148d9c6860e845462
SHA256

6ab3a18833fa9c0792ebc2bf63509b98196ecdfde28a24add0b116531d13cd51
SHA512

d752eb70da0b03f0ef937185ed47dd11903872b09a1466b60442325e38d66a62e01e17385a189040aa8466624bc6bd5b4c758cd6c818d0d45ff50fe8befcf042
SSDEEP

24576:dXDDWKOslIUcS31v1fToFAuprIowIFw2c/t3Jg0XSTrfAJLN2ydew98TIUyFxB4u:dXPWrsaUcS31ho5IowIBcrgKSTqQ6LyG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/12cb564b930afdcf9b2ada35a2747c7482f340ff9249d628c919d9f5ce147ce9.exe

Files

12cb564b930afdcf9b2ada35a2747c7482f340ff9249d628c919d9f5ce147ce9.zip
.zip

Password: infected
12cb564b930afdcf9b2ada35a2747c7482f340ff9249d628c919d9f5ce147ce9.exe
.exe windows:5 windows x86 arch:x86

82c9e1f90d87f1f2ce250d3ccc2e163f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjectsEx
GetKeyNameTextW
VkKeyScanW
MonitorFromWindow
SetSysColors
MapVirtualKeyA
DrawIconEx
SetMenuContextHelpId
CloseWindow
PostThreadMessageW
MessageBoxA
GetUserObjectInformationW
TranslateMessage
IsCharAlphaNumericA
GetThreadDesktop
GetProcessWindowStation
CloseClipboard
MonitorFromPoint
BeginPaint
GetCursor
GetParent
OpenInputDesktop
GetLastActivePopup
GetClassWord
ArrangeIconicWindows
MapVirtualKeyExA
CopyAcceleratorTableA
GetMenuItemRect
GetClipboardFormatNameA
ValidateRect
CreateIconFromResource
EndMenu
MapVirtualKeyW
GetTitleBarInfo
GetWindowWord
SetWindowTextA
SetWindowPos
VkKeyScanExA
SetLayeredWindowAttributes

ole32

CoReleaseServerProcess
CoCreateInstance
CoRegisterClassObject
CLSIDFromProgID
CoInitialize
OleRun
StringFromCLSID
CoRevokeClassObject

advapi32

CreateRestrictedToken
ReportEventW
AdjustTokenPrivileges
GetSecurityDescriptorControl
RegDeleteKeyW
RegisterEventSourceW
RegQueryInfoKeyW
RegisterEventSourceA
InitializeSecurityDescriptor
RegQueryValueExA
DeleteService
LookupPrivilegeValueW

shlwapi

PathFileExistsW

kernel32

LCMapStringA
GetLocaleInfoA
HeapSize
RtlUnwind
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
LoadLibraryA
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
GetStringTypeA
GetStringTypeW
ConnectNamedPipe
WideCharToMultiByte
GetEnvironmentStrings
GlobalDeleteAtom
UpdateResourceW
SetFilePointerEx
GetNamedPipeInfo
ResetEvent
DeleteAtom
GetHandleInformation
WTSGetActiveConsoleSessionId
CancelWaitableTimer
DecodePointer
FlushFileBuffers
VirtualAlloc
FindFirstFileExW
PurgeComm
GetCommandLineW
GetFileInformationByHandle
GetModuleFileNameA
FreeResource
CreateFileMappingW
LCMapStringW
SetConsoleCursorInfo
UnmapViewOfFile
HeapAlloc
GlobalMemoryStatus
PostQueuedCompletionStatus
DeviceIoControl
TlsGetValue
FindFirstFileExA
CreateProcessW
WaitNamedPipeW
FreeLibrary
GetLocaleInfoW
EncodePointer
UnhandledExceptionFilter
ExitThread
GetCurrentThreadId
OpenFileMappingW
GetWindowsDirectoryA
OutputDebugStringA
GetSystemInfo
GetCurrentThread
GetProcAddress
VerSetConditionMask
GetTempFileNameA
CreateToolhelp32Snapshot
SetCurrentDirectoryW
SetErrorMode
SetFileAttributesW
CreateFileW
GetTickCount
VirtualProtect
SetEndOfFile
GetNamedPipeHandleStateA
FreeEnvironmentStringsW
LoadLibraryW
GetThreadContext
SetLastError
CreateFileA
GetConsoleScreenBufferInfo
FormatMessageA
Process32First
CreateEventA
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

82c9e1f90d87f1f2ce250d3ccc2e163f

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

advapi32

shlwapi

kernel32

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 119KB

.rsrc Size: 93KB - Virtual size: 121KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 119KB

.rsrc
Size: 93KB - Virtual size: 121KB