788f45ada2b264a9ea458f7d125571b0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

788f45ada2b264a9ea458f7d125571b0.zip
Size

449KB
MD5

599c017e8fd78f8af864c8e82dc2e5fa
SHA1

d14193e47fde99e222b14db28728430e446425f1
SHA256

a85c2fc35c54dceffc9fc852d137ac719c767e45a967693da54882c9f250413c
SHA512

5388f2daf90a414d6a4bae77550ed104d3cb665f8a06c48b7951bacee6e3b39e9ebef2f07b5df91305b88d2b99d95df6baa8f9ce0790436d52a1d8fbc1f47da9
SSDEEP

12288:e+nP4S+qaK+ISAnvb4AaKUP0HWb01mYIECXG:bnAS+hF5Avhacw0wqF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/75b40afc06895b53f4a90d06c0b6b0e6b72a2c34883dfd151bfbac51701576c0

Files

788f45ada2b264a9ea458f7d125571b0.zip
.zip

Password: infected
75b40afc06895b53f4a90d06c0b6b0e6b72a2c34883dfd151bfbac51701576c0
.exe windows:5 windows x86 arch:x86

Password: infected

95764cd3a93b27321012d20c57632d43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\mecefejabax_dunugogi\27\lupuwi\xomahofo\vudidoloto\94\buk.pdb

Imports

kernel32

HeapAlloc
GetCurrentProcess
GetEnvironmentStringsW
SetEvent
FlushViewOfFile
SleepEx
ReadConsoleW
InitAtomTable
HeapDestroy
WriteConsoleW
GetModuleFileNameW
CreateActCtxA
DeactivateActCtx
GetProcAddress
BeginUpdateResourceW
GetAtomNameA
LocalAlloc
SetEnvironmentVariableA
GetOEMCP
CreateIoCompletionPort
SetConsoleTitleW
GetModuleHandleA
GetProcessShutdownParameters
EraseTape
VirtualProtect
GetCPInfoExA
Module32Next
ReleaseMutex
EndUpdateResourceA
GetVersionExA
FindNextVolumeA
lstrcpyW
LCMapStringW
SetLastError
SetProcessAffinityMask
IsProcessorFeaturePresent
HeapReAlloc
EncodePointer
DecodePointer
GetModuleHandleW
ExitProcess
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
InterlockedDecrement
ReadFile
HeapFree
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
IsValidCodePage
CloseHandle
LoadLibraryW
WriteFile
FreeEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
Sleep
MultiByteToWideChar
SetStdHandle
RtlUnwind
FlushFileBuffers
GetStringTypeW
HeapSize
RaiseException
CreateFileW

user32

ClientToScreen

gdi32

GetBitmapBits

winhttp

WinHttpSetOption

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 42.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rejadi
Size: 1024B - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bevaz
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

95764cd3a93b27321012d20c57632d43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winhttp

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 42.8MB

.rejadi Size: 1024B - Virtual size: 626B

.bevaz Size: 1024B - Virtual size: 624B

.rsrc Size: 148KB - Virtual size: 148KB

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 42.8MB

.rejadi
Size: 1024B - Virtual size: 626B

.bevaz
Size: 1024B - Virtual size: 624B

.rsrc
Size: 148KB - Virtual size: 148KB