9211ce6298b94bfb80c4c4750e5cc491[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

9211ce6298b94bfb80c4c4750e5cc491.zip
Size

467KB
MD5

d22123fc5b12803eb18c3959d0ec6ccc
SHA1

cbe7a4adfc5860f3a69c96531e5ed727524b904a
SHA256

fee56108da0e3762ce454d3d79d8fb5307d988c0128ca110d4c06ed50f8606ba
SHA512

85e1c65757583bbb8d5305e36d74f108c422f8c68128d089bfce85b3acde7c36f4a5f1932c5ae90c249ee41c53a183f1eb4d05f82d9d7feb2d782983e2b531cc
SSDEEP

6144:Qjm77DPLTS78qWT1iMaYpHy4y/Dg/fCExQWqdXn/qbTti0Qr/h2b74HC5yYTroSa:h7DPS8qlMh5KDl8qdi3ti0Qr/h2w0Vhy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0ba0e4522c1549a6f8e436003b2456411b6c1bc5eca438cc16996587fa06000d

Files

9211ce6298b94bfb80c4c4750e5cc491.zip
.zip

Password: infected
0ba0e4522c1549a6f8e436003b2456411b6c1bc5eca438cc16996587fa06000d
.exe windows:4 windows x86 arch:x86

Password: infected

15d5ef646683193cc56a57795c37b4cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueW

kernel32

CloseHandle
CreateFileW
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileType
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
ReadFile
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetUnhandledExceptionFilter
TlsGetValue
VirtualAlloc
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

_strdup
_stricoll
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fpreset
_fullpath
_iob
_isctype
_onexit
_pctype
_setmode
_strdup
abort
atexit
calloc
free
fwrite
malloc
mbstowcs
memcpy
realloc
setlocale
signal
strcoll
strlen
tolower
vfprintf
wcstombs

user32

AppendMenuW
CallWindowProcW
CharLowerBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
ChildWindowFromPoint
CloseClipboard
CreateDialogParamW
CreatePopupMenu
DefDlgProcW
DestroyAcceleratorTable
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DialogBoxParamW
DispatchMessageW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EnumClipboardFormats
FindWindowA
GetActiveWindow
GetClassInfoW
GetClientRect
GetClipboardData
GetCursorPos
GetDlgItem
GetDlgItemTextW
GetMenu
GetMessageW
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
InsertMenuItemW
InvalidateRect
IsDialogMessageW
IsDlgButtonChecked
IsMenu
IsWindow
KillTimer
LoadAcceleratorsW
LoadCursorW
LoadIconW
MessageBoxW
MoveWindow
OpenClipboard
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RemoveMenu
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetClipboardData
SetCursor
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetMenuItemInfoW
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
TrackPopupMenu
TranslateAcceleratorW
TranslateMessage
UnregisterClassW
wsprintfW
wvsprintfW

Sections

.text
Size: 446KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 152B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

15d5ef646683193cc56a57795c37b4cd

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 446KB - Virtual size: 445KB

.data Size: 181KB - Virtual size: 180KB

.rdata Size: 1KB - Virtual size: 1KB

.eh_fram Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 152B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 115KB - Virtual size: 115KB

.text
Size: 446KB - Virtual size: 445KB

.data
Size: 181KB - Virtual size: 180KB

.rdata
Size: 1KB - Virtual size: 1KB

.eh_fram
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 152B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 115KB - Virtual size: 115KB