C:\personal\nhdev\366\official\binary\NetHack.PDB
Static task: static1
Behavioral task: behavioral1
Sample: 370c78ecd539292a20e84dd4f58aaf5194a3b0db5ea857adfd46b50d6333426a.exe
Resource: win7-20240705-en
General
Target: e8ef02beaf986390fcb537d1cb3d6a51.zip
Size: 1.9MB
MD5: 72c5147a2fc0c38416e9e60f64e1aeb2
SHA1: e4b92177e9b04ab96607794dc836aebbd2189095
SHA256: 13612ddc4999d0d8750de055a5c3343d669ad9ebe51dee337ea7fd91958df3b2
SHA512: bf36c8ca719de871bb59f6516402f3be6d759f6919459d14ef38fbc1f27d4ef9340d3f569f13b9126c3cebe92fedf636ae57c1549fd0154c44f7d68042efc079
SSDEEP: 49152:ufmUf2DTRig5PJRH+0sY3z1OJ4/5LkjfvGOsDMfj088:MmUf27rprxAiAbs
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Resource: unpack001/370c78ecd539292a20e84dd4f58aaf5194a3b0db5ea857adfd46b50d6333426a
Files
e8ef02beaf986390fcb537d1cb3d6a51.zip.zip (Password: infected)
370c78ecd539292a20e84dd4f58aaf5194a3b0db5ea857adfd46b50d6333426a.exe windows:5 windows x86 arch:x86 (Password: infected)
444a63419f2dc4d9905ad6a923b878cf
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GlobalFree
MultiByteToWideChar
GetConsoleOutputCP
VerSetConditionMask
FreeLibrary
GetProcAddress
LoadLibraryA
VerifyVersionInfoW
GetStdHandle
Beep
CloseHandle
GetVersion
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
CopyFileA
GlobalLock
FillConsoleOutputAttribute
FlushConsoleInputBuffer
SetConsoleOutputCP
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
SetConsoleCursorPosition
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WriteConsoleOutputAttribute
GetConsoleTitleA
SetConsoleTitleA
GetCurrentConsoleFontEx
SetCurrentConsoleFontEx
GetConsoleWindow
GetModuleFileNameA
GetCurrentProcessId
GlobalUnlock
GlobalAlloc
Sleep
OutputDebugStringA
DebugBreak
GetDiskFreeSpaceA
FindNextFileA
FindFirstFileA
FillConsoleOutputCharacterA
FindClose
IsDebuggerPresent
SetConsoleCtrlHandler
CreateDirectoryA
GetFileSizeEx
GetFileAttributesExW
SetEndOfFile
DeleteFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapQueryInformation
HeapSize
HeapReAlloc
GetTimeZoneInformation
MoveFileExW
GetTickCount
GetConsoleCursorInfo
SetConsoleCursorInfo
WriteConsoleA
WriteConsoleOutputA
GetFileType
DuplicateHandle
SetUnhandledExceptionFilter
GetCurrentProcess
OpenProcess
MapViewOfFile
UnmapViewOfFile
GetModuleHandleA
CreateFileMappingA
CreateConsoleScreenBuffer
SetConsoleActiveScreenBuffer
GetLargestConsoleWindowSize
SetConsoleTextAttribute
SetConsoleWindowInfo
GetNumberOfConsoleInputEvents
PeekConsoleInputA
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
RaiseException
WideCharToMultiByte
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlUnwind
GetModuleFileNameW
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
WriteFile
OutputDebugStringW
WriteConsoleW
ExitProcess
GetModuleHandleExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleCP
ReadFile
HeapValidate
GetSystemInfo
QueryPerformanceFrequency
GetCommandLineA
GetCommandLineW
SetFilePointerEx
ReadConsoleW
GetCurrentThread
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFullPathNameW
SetStdHandle
ReadConsoleInputW
FlushFileBuffers
advapi32
RegCloseKey
RegQueryValueExA
GetUserNameA
RegQueryValueExW
RegOpenKeyExA
gdi32
GetCharABCWidthsW
GetCharWidthW
EnumFontFamiliesExW
DeleteObject
CreateFontIndirectW
SelectObject
GetFontUnicodeRanges
GetTextMetricsA
ole32
CoTaskMemFree
shell32
SHGetKnownFolderPath
user32
GetWindowThreadProcessId
FindWindowA
SendMessageA
wsprintfA
GetKeyboardLayout
GetMonitorInfoA
MapVirtualKeyA
ReleaseDC
GetDC
EmptyClipboard
SetClipboardData
GetClipboardData
OpenClipboard
GetKeyState
MonitorFromWindow
MessageBeep
CloseClipboard
winmm
sndPlaySoundA
bcrypt
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGenRandom
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 521KB - Virtual size: 521KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 214KB - Virtual size: 213KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.itext Size: 202KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ