opmild
Static task: static1
Behavioral task: behavioral1
  Sample: f33a5e89d64c4b55c650cb5160d267f98b83e27092cb33569ae54f1d91308ea3.dll
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: f33a5e89d64c4b55c650cb5160d267f98b83e27092cb33569ae54f1d91308ea3.dll
  Resource: win10v2004-20240802-en
General
Target: 0d99406d7af533f47f6c37b03c0d5036.zip
Size: 17KB
MD5: 38b9e20ffdc0fa872af3c925d26ca329
SHA1: c676088f94830f19cab02e2cfce3c39d305ce44a
SHA256: 31017a5718fd24fdbe631755a25354f26858e62d2f8f9af44bda246e5aa494b9
SHA512: 4baf0f8a96b2673f28022a295a1de4d22170a42c52292c4c530e046cca179918757beaf01cd078f5ed46d98fd899491b27572aa5a173c23c954401e69e559c6e
SSDEEP: 384:dtnCMfA2PE82rq04A1GTWClBNqJ29H9EK8UAiviV:dJXAM32rq04A1GTWub19H9cU76V
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: unpack001/f33a5e89d64c4b55c650cb5160d267f98b83e27092cb33569ae54f1d91308ea3
Files
- 0d99406d7af533f47f6c37b03c0d5036.zip.zip
- f33a5e89d64c4b55c650cb5160d267f98b83e27092cb33569ae54f1d91308ea3.dll (windows:4, windows x86, arch:x86)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
user32
UpdateWindow
UnregisterHotKey
TranslateMessage
ShowWindow
SetWindowTextA
SetTimer
SetForegroundWindow
SetFocus
SetCursorPos
SetClassLongA
RegisterHotKey
wsprintfA
RegisterClassExW
MoveWindow
MessageBoxA
LoadIconA
LoadCursorA
KillTimer
GetWindowTextA
GetWindowRect
GetSystemMetrics
GetMessageA
GetFocus
GetCursorPos
DispatchMessageA
CallWindowProcW
RegisterClassExA
DestroyWindow
DefWindowProcA
CreateWindowExA
ChangeDisplaySettingsA
kernel32
lstrlenA
lstrcmpiA
lstrcatA
WriteFile
SystemTimeToFileTime
Sleep
SetSystemPowerState
RtlMoveMemory
ReadFile
OpenMutexA
LoadLibraryA
GlobalDeleteAtom
GetTickCount
GetSystemTime
GetProcessHeaps
GetModuleHandleA
GetCommandLineA
FlushViewOfFile
ExitThread
ExitProcess
CreateFileA
CloseHandle
Beep
LoadLibraryExA
shell32
ShellAboutA
advapi32
GetSecurityInfo
GetMultipleTrusteeOperationA
GetMultipleTrusteeA
GetLengthSid
gdi32
GetWorldTransform
RemoveFontResourceA
GetTextCharacterExtra
GetROP2
GetPolyFillMode
GetPixelFormat
GetPixel
ws2_32
socket
setsockopt
recv
connect
ntdll
RtlGetAce
RtlFreeHeap
RtlFreeHandle
NtQueryIoCompletion
NtDelayExecution
NtCreateTimer
NtCreateNamedPipeFile
NtCancelTimer
NtCallbackReturn
Exports
Sections
.text   Size: 25KB - Virtual size: 25KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 2KB - Virtual size: 2KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 9KB - Virtual size: 79KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc  Size: 4KB - Virtual size: 4KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ