768e7317538de4ce8ff9de729d010f5f[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

768e7317538de4ce8ff9de729d010f5f.zip
Size

212KB
MD5

0ce43165323cbdc31c99b82ccca43d93
SHA1

0d12431ed4b183c41ab634bed3e8125a7d687088
SHA256

da59f0fa5867ed72a6a099c843514cddcb4bcf13bf3ec4e6385e0df3752dd6e0
SHA512

edb69ee36b5269abfe1f68fdece4cd2a7d0c68ed0e839bdf89bdd4dcdefa47c114638fc5fb4102d2eae59e5102aa0ec46ec47056fd1800db7897138d930c0aa6
SSDEEP

6144:DS4FtcmkUf7gdHXxLrPzz/MokEO/BcTd4:mYumB7MX9PYEcB4d4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d4b81056011f64b15385f71fa173da668cf2f9c03f6dbe5e16636ccc3c36dc4c

Files

768e7317538de4ce8ff9de729d010f5f.zip
.zip

Password: infected
d4b81056011f64b15385f71fa173da668cf2f9c03f6dbe5e16636ccc3c36dc4c
.exe windows:4 windows x86 arch:x86

Password: infected

a1161b9f4081312e64af594f73664c29

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiA
CreateThread
GetLogicalDriveStringsA
GetDriveTypeA
GetWindowsDirectoryA
MoveFileA
FreeLibrary
EnumResourceNamesA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetSystemInfo
GetVersionExA
SetThreadPriority
GetCurrentThread
FreeResource
UpdateResourceA
SizeofResource
LockResource
LoadResource
FindResourceA
EnumResourceLanguagesA
EndUpdateResourceA
BeginUpdateResourceA
CreateMutexA
GetLastError
WaitForSingleObject
GetVolumeInformationA
GetComputerNameA
GetCurrentProcess
OpenMutexA
SetPriorityClass
GetTempPathA
GetModuleFileNameA
GetSystemDirectoryA
SetErrorMode
InitializeCriticalSection
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
MultiByteToWideChar
ExitThread
GetTimeFormatA
GetDateFormatA
GetFileSize
SetFileAttributesA
GlobalUnlock
GlobalLock
GlobalAlloc
ExitProcess
SetFileTime
SystemTimeToFileTime
GetSystemTime
CreateDirectoryA
CreateProcessA
GetCurrentProcessId
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetStdHandle
HeapReAlloc
GetLocaleInfoA
GetExitCodeProcess
GetStringTypeW
GetStringTypeA
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
VirtualAlloc
VirtualProtect
GetCPInfo
FlushFileBuffers
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
VirtualQuery
InterlockedExchange
RtlUnwind
TerminateProcess
GetCommandLineA
GetStartupInfoA
SetFilePointer
WriteFile
CreateFileA
ReadFile
CloseHandle
Sleep
FindFirstFileA
lstrcpyA
lstrcatA
lstrcmpA
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
lstrcpynA
GetTickCount
GetFileAttributesA
lstrlenA
CopyFileA
FindNextFileA
FindClose

user32

TranslateMessage
GetMessageA
UpdateWindow
RegisterClassA
DispatchMessageA
wsprintfA
GetWindowRect
GetDesktopWindow
ShowWindow
EnableWindow
GetClassNameA
DestroyWindow
UnregisterClassA
PostMessageA
GetWindowThreadProcessId
GetWindowTextA
IsWindowVisible
EnumWindows
IsWindowEnabled
LookupIconIdFromDirectoryEx
GetCursorPos
SetCursorPos
GetSystemMetrics
ReleaseDC
GetWindowDC
SetClipboardData
EmptyClipboard
SendInput
SendMessageTimeoutA
RegisterWindowMessageA
SetWindowPos
PostQuitMessage
GetClientRect
GetWindowInfo
GetWindow
GetWindowPlacement
MessageBoxA
EnumChildWindows
SetWindowTextA
SetForegroundWindow
SetFocus

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetDIBits
DeleteObject

advapi32

SetSecurityDescriptorGroup
ChangeServiceConfigA
GetUserNameA
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
SetFileSecurityA
SetSecurityDescriptorSacl

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

ws2_32

inet_addr
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACloseEvent
sendto
WSAGetLastError
gethostbyaddr
accept
getpeername
shutdown
inet_ntoa
select
__WSAFDIsSet
recv
send
closesocket
htons

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

a1161b9f4081312e64af594f73664c29

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

version

rpcrt4

Sections

.text Size: 164KB - Virtual size: 162KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 136KB - Virtual size: 220KB

.text
Size: 164KB - Virtual size: 162KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 136KB - Virtual size: 220KB