649649b9b7a66698753641b40f4ef5d8[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

649649b9b7a66698753641b40f4ef5d8.zip
Size

297KB
MD5

d4d0c08b29b5d9f30b822fc8ffd50baf
SHA1

37943fa7b7e998c946117f2c9e680aed53360238
SHA256

2e68c203ab73dc25c91c1f9155f0ae206874f5cd97c3fc006fa57796c486a74a
SHA512

2583a0f146e8d0c35134a0e4098c6c36dff79b53781e9ed488699f79e8b088815c8197434fa4164ef675a5895202529cbceab56e8ab20f8c47f85e830e1933a5
SSDEEP

6144:ukxfk9nXpB+j8ph+Ix2yoeYGQ2cjX/hXQxuJI+k+gzd70NrNc4Kw3250PW/:dxfk9n5oScTern8hkuJq+gzd7ecmY0u/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/13e98f1b169b295d5a08a6dc579c46224004ef19c3bc949779c12c4124f528a9

Files

649649b9b7a66698753641b40f4ef5d8.zip
.zip

Password: infected
13e98f1b169b295d5a08a6dc579c46224004ef19c3bc949779c12c4124f528a9
.exe windows:10 windows x64 arch:x64

Password: infected

4375a4cb8b2c8db93e1813e0804f3705

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DiagnosticsHub.StandardCollector.Service.pdb

Imports

msvcp_win

??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_BADOFF@std@@3_JB
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__exit
_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memcpy
_o__wcsicmp
_o__wcsnicmp
_o_abort
_o_calloc
_o_exit
_o_free
_o_malloc
_o_set_terminate
_o_terminate
_o_wcsncpy_s
__C_specific_handler
_CxxThrowException
_o__errno
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf_s
_o__crt_atexit
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vfwprintf
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
_o___p___wargv
_o___p___argc
_o___acrt_iob_func
wcsrchr
memmove
__std_terminate
__CxxFrameHandler3
_o__configure_wide_argv
_o__configthreadlocale

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
DeleteCriticalSection
InitializeCriticalSection
OpenEventW
CreateEventW
WaitForSingleObject
SetEvent
ResetEvent

api-ms-win-core-threadpool-l1-2-0

IsThreadpoolTimerSet
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoUninitialize
CoRegisterClassObject
CLSIDFromString
CoCreateInstance
CoRevokeClassObject
StringFromGUID2
CoResumeClassObjects
CoMarshalInterface
CoInitializeEx
CoInitializeSecurity

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysStringByteLen

api-ms-win-service-management-l1-1-0

StartServiceW
OpenSCManagerW
CloseServiceHandle
OpenServiceW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
InitializeAcl
MakeAbsoluteSD
GetSecurityDescriptorLength
SetSecurityDescriptorDacl
AddAce
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetSecurityDescriptorSacl
GetAclInformation
GetSecurityDescriptorControl
MakeSelfRelativeSD

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-file-l1-1-0

WriteFile
GetFileAttributesW
FlushFileBuffers

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
CreateThread
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-heap-l1-1-0

HeapFree
HeapReAlloc
HeapSize
HeapAlloc
GetProcessHeap
HeapDestroy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 396KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4375a4cb8b2c8db93e1813e0804f3705

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-heap-obsolete-l1-1-0

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 396KB - Virtual size: 1.1MB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 396KB - Virtual size: 1.1MB