ec9a99f080df6c39ac72898794ce5c52[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ec9a99f080df6c39ac72898794ce5c52.zip
Size

774KB
MD5

7ac6a6e071e0334e26bf5dc8dfc72355
SHA1

94ef41c6cc89fe579dc90c6caae68f65624cb4ea
SHA256

7d1db0a37fde64cc4dc0706f5623437877607c91fd4cc3fe0545587ca9b7ac78
SHA512

6576d3381a5d7e573e8ab57f5950af756fbade0b02019d9f5372b2139e8a6c25b76b822d478230cda11c4ace3c7c8e84d322aceab5af5f167a7bf406735f2285
SSDEEP

12288:zFHF2AysoYePylopStvQq8HccrSekoFKExDoKUTSXHT8JIZguO/bVS3JzSAincLD:1F2LsIPsopQonHM6UK/XHTAMzSAinGtJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/565dc0e0b453a7625e4f504d62d20cbea3b4c608526a61e1da37f97abac3481e

Files

ec9a99f080df6c39ac72898794ce5c52.zip
.zip

Password: infected
565dc0e0b453a7625e4f504d62d20cbea3b4c608526a61e1da37f97abac3481e
.exe windows:5 windows x86 arch:x86

Password: infected

2938fa2df7e806927b9ad495b8f205f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\obj-firefox\toolkit\components\maintenanceservice\maintenanceservice.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
MoveFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteFile
GetDriveTypeW
GetTempFileNameW
GetProcAddress
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
LoadLibraryExW
FreeLibrary
DeleteFileW
LocalAlloc
SetLastError
MultiByteToWideChar
GetFileAttributesW
CopyFileW
LocalFree
CreateFileW
ReadFile
CreateProcessW
GetFileSize
CreateThread
CloseHandle
lstrcmpiW
CreateEventW
GetLastError
GetModuleFileNameW
Sleep
SetEvent
MoveFileExW
WaitForSingleObject
CreateDirectoryW
LCMapStringW
CompareStringW
HeapReAlloc
OutputDebugStringW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
RtlUnwind
GetStringTypeW
SetEnvironmentVariableW
SetEnvironmentVariableA
RaiseException
GetCPInfo
GetCommandLineW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetFileAttributesExW
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
SetEndOfFile

user32

LoadStringA
wsprintfW

advapi32

DeleteService
OpenServiceW
SetServiceObjectSecurity
OpenSCManagerW
CloseServiceHandle
CreateServiceW
RegisterServiceCtrlHandlerW
OpenSCManagerA
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CreateWellKnownSid
GetSecurityDescriptorDacl
RegSetValueExW
RegCloseKey
QueryServiceConfigW
ControlService
BuildExplicitAccessWithNameW
RegOpenKeyExW
FreeSid
SetEntriesInAclW
ChangeServiceConfigW
QueryServiceStatus
LookupAccountSidW
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherW
SetServiceStatus
InitializeSecurityDescriptor

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertGetNameStringA
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathAppendW
PathStripToRootW
PathQuoteSpacesW
PathUnquoteSpacesW
PathRemoveFileSpecW

ole32

CoCreateGuid

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2938fa2df7e806927b9ad495b8f205f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

crypt32

wintrust

version

shlwapi

ole32

rpcrt4

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB