a121985adcddbb2eb923d45ae3b8cdd9[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

a121985adcddbb2eb923d45ae3b8cdd9.zip
Size

597KB
MD5

97fce4a533812cba1147ddca29ec3c98
SHA1

c961a68b9553d551c117b67da55dbdfddcabe712
SHA256

dcf1dc89e6f444a9729f793d4af7163de61cec29f5b9ec123795b504b3a95444
SHA512

d54fbed008b94b6a2570b521a09e8b8ca0fb3c60a4a707b0d77517712dd78c279dcfd4ed806c1af238033d26c2ba432dbdb7205f8b24e6a117838685a8aa0a8c
SSDEEP

12288:FKATlkftJLA3EHJOmi/OF4qzgX4kvCJpIhCzd/ONpoM5c/zIV1nY+CV8X:EhtJU3UJOmiU4qz24SoI1gzIV2+C6X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/7d90e5c0e768763f154805629506d6620ad3c3c08ca5cbbf99123fcea97230ac

Files

a121985adcddbb2eb923d45ae3b8cdd9.zip
.zip

Password: infected
7d90e5c0e768763f154805629506d6620ad3c3c08ca5cbbf99123fcea97230ac
.dll windows:6 windows x86 arch:x86

Password: infected

cad3d3dbb9f2581e8e06760908394b82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\281\Some\542_Eat\over\alw\War.pdb

Imports

kernel32

VirtualProtect
WaitForSingleObject
OpenMutexW
LoadLibraryW
CreateProcessW
GetSystemDirectoryW
SetFileAttributesW
SetConsoleOutputCP
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
OutputDebugStringW
GetStringTypeW
HeapReAlloc
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
WriteFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
CreateSemaphoreW
GetModuleHandleW
GetTickCount
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW

ole32

StgCreateDocfile
OleSetContainedObject
OleInitialize
OleCreate
CoSuspendClassObjects
CoInitialize
CoUninitialize
OleUninitialize

winspool.drv

SetPrinterDataExW
SetPortW
FindClosePrinterChangeNotification
SetFormW
ResetPrinterW
ScheduleJob
OpenPrinterW
GetPrinterW
SetJobW
ReadPrinter
SetPrinterDataW
PrinterMessageBoxW
GetPrinterDriverW
EnumPrinterDriversW
EnumPrinterKeyW
EnumPrintersW

Exports

Exports

Jobhelp
Same
ThanShore

Sections

.text
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

cad3d3dbb9f2581e8e06760908394b82

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

winspool.drv

Exports

Exports

Sections

.text Size: 652KB - Virtual size: 652KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 69KB - Virtual size: 686KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 652KB - Virtual size: 652KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 69KB - Virtual size: 686KB

.reloc
Size: 9KB - Virtual size: 9KB