2bdbaa02d81c39e135edc72e44466fbb[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

2bdbaa02d81c39e135edc72e44466fbb.zip
Size

14KB
MD5

168fbb7bc970c3a8c849a5ab2a2dd4a1
SHA1

81ee682ed908d7f3c7d6486723ed9f62f3d6a9ef
SHA256

ecc6484ec3148547f8b57a2d74fcefda51887773ec75ea2fcbffaef3b489b26a
SHA512

a0d58ea99ab5d0b19080f53c89be0df9e975d5a64607388ce58b3e73665591330b5b037870baad1d8f03de3709ef073debbe1c7e7c32d3995387a64a546da9f8
SSDEEP

384:aNP06eMoXq4cDuumF4LmUWKS1rn7a6zXyuZ:aF0uJxDAF4c7a67Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/8783d110ef59b4296ebc9712661751f5d30a5602529e6257738e970a1d7e48d3

Files

2bdbaa02d81c39e135edc72e44466fbb.zip
.zip

Password: infected
8783d110ef59b4296ebc9712661751f5d30a5602529e6257738e970a1d7e48d3
.dll windows:6 windows x86 arch:x86

Password: infected

40b832b740f1d169591ab2f3727193b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
lstrcatW
VirtualProtect
GetLastError
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
lstrlenW

mscms

CreateColorTransformA
GetStandardColorSpaceProfileA
ord1
IsColorProfileTagPresent
CreateMultiProfileTransform
SetColorProfileElementReference
InstallColorProfileW

odbc32

ord72
ord141
ord44
ord6
ord9
ord136

rtm

RtmCreateEnumerationHandle
RtmLookupIPDestination
RtmEnumerateGetNextRoute
RtmBlockSetRouteEnable

urlmon

ObtainUserAgentString
URLDownloadToFileA
CoInternetParseUrl
URLOpenBlockingStreamA
FindMediaType
IsAsyncMoniker

avifil32

AVIStreamStart
AVIMakeStreamFromClipboard
AVIFileEndRecord
AVIStreamFindSample
AVIFileGetStream

msvfw32

GetOpenFileNamePreviewA

user32

wsprintfW

advapi32

RegEnumValueW
RegNotifyChangeKeyValue
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
StringFromGUID2
PropVariantClear

msvcrt

memset
free
_initterm
_adjust_fdiv
wcstol
malloc
memcmp

Exports

Exports

ejcleio

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

40b832b740f1d169591ab2f3727193b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscms

odbc32

rtm

urlmon

avifil32

msvfw32

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 896B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 896B