f0b84e8bd74a6e1a1bb8c80b12f2f395[.]zip

General

Target

f0b84e8bd74a6e1a1bb8c80b12f2f395.zip
Size

4.3MB
MD5

c5df8675f92f0117f50a5a7bc0b44cd5
SHA1

8462e2f2500dc84203ce92d3e570e10995cc652f
SHA256

fa2dbf557b9b1cdfda95dfb049e1d1012a6533baedd5576e6309c776c9e2516e
SHA512

8fd55a002d410e70a7206cdd77018704ad169948e98c79ecfa8e47bb7c4d88b13bcd8b3848650522e636368a7a59a1dad48d6f68ef7e8a3b231572a79ea5b5da
SSDEEP

98304:3nK2qvtG4vyUXclCqNhUeoqgyfRIt4szWukTz5hphUtORY:62M0yslVoqgyfRItJzWukTl6tF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6d1c904dcc026effe0a402ac13d2f226c97e173f967f6b9b3325a8dfb222f0a2

Files

f0b84e8bd74a6e1a1bb8c80b12f2f395.zip
.zip

Password: infected
6d1c904dcc026effe0a402ac13d2f226c97e173f967f6b9b3325a8dfb222f0a2
.exe windows:6 windows x86 arch:x86

Password: infected

908bea7ee71339f1c35ba419da3ba679

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JBQwnzq
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JBQwnzq
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

908bea7ee71339f1c35ba419da3ba679

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.JqjbwEJ Size: 3KB - Virtual size: 3KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 7KB

.JBQwnzq Size: 2.5MB - Virtual size: 2.5MB

.JBQwnzq Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 16KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 136KB - Virtual size: 135KB

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 7KB

.JBQwnzq
Size: 2.5MB - Virtual size: 2.5MB

.JBQwnzq
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB