242a2c3c37188e2ecf3e79798149a3df[.]zip

General

Target

242a2c3c37188e2ecf3e79798149a3df.zip
Size

141KB
MD5

42aca95e45f8a4dd23d03e5769f56187
SHA1

ef229ac7a566c098c3477233ce7d6dc67163319c
SHA256

18b3661ebdd34d7a89b788e79d87d62467fa26187874cc71fa3176a6d01752a7
SHA512

4ff59c3af2824a5498fa19cf59707be78722fbc2cf170b546bcc63385134ce38edfde4f8887718c4dd2d993d852d2f03b3665f5c7e3a24c6352afdfae95bafbb
SSDEEP

3072:Q3kUM5oDhRaVvL4tc/vmDw019xDEUypsQPqkEcAiA:yioDhRiLUHVxDEtsQyh1f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4690ef9e8a7a77ea30029eeb1b913bceeab75a71bf18dce34c26467fa9d4cdda

Files

242a2c3c37188e2ecf3e79798149a3df.zip
.zip

Password: infected
4690ef9e8a7a77ea30029eeb1b913bceeab75a71bf18dce34c26467fa9d4cdda
.exe windows:4 windows x86 arch:x86

Password: infected

d0faf1f829379ff4f83833223a663610

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Value\Which\A.pdb

Imports

kernel32

GetSystemDirectoryW
GetModuleHandleW
MultiByteToWideChar
CreateFileW
GetCurrentDirectoryW
GetDateFormatW
GetLocalTime
ExitProcess
GetVersion
CreateEventW
SetEvent
CloseHandle
WaitForSingleObject
Sleep
HeapSetInformation
GetConsoleOutputCP
GetCurrentProcess
GetTimeFormatW
TerminateProcess

user32

MsgWaitForMultipleObjects
GetWindowRect
UpdateWindow
GetClientRect
SetTimer
RedrawWindow
GetSystemMetrics
LoadIconW
ScreenToClient
GetSysColorBrush
IsIconic
GetSystemMenu
OffsetRect
ShowWindowAsync
CharToOemW
LoadStringW

comdlg32

CommDlgExtendedError

advapi32

AdjustTokenPrivileges
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
OpenProcessToken

shell32

ShellAboutW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

msvcrt

wprintf
free
malloc
fflush
fclose
memset

crypt32

CertFreeCertificateContext

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d0faf1f829379ff4f83833223a663610

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comdlg32

advapi32

shell32

version

msvcrt

crypt32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 346KB

.rsrc Size: 4KB - Virtual size: 1008B

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 346KB

.rsrc
Size: 4KB - Virtual size: 1008B