aaa7dc0b1e593006e0b8c5a536628906[.]zip

General

Target

aaa7dc0b1e593006e0b8c5a536628906.zip
Size

4.2MB
MD5

2c9bc92ba48c0f160a4417ac2e9d5b0b
SHA1

870e145ebf47159871da3f7702c2f17cb37f621c
SHA256

986a98a7f932f365e4e970aeaa48517a404fc8fc666d22d39c0b7ff25ec8a8b8
SHA512

ffd431a18840f7d619793d79e057f19bbeb7b35964859e01973b4e23e043a696461eeaba3863d402ab2f3500ebc0a2114c7d34c5aa058dd353bd7df01be27520
SSDEEP

98304:P9WwAWaVKMj1me4iyg2uGm/NCpjelLB69x03imlWodcN:P9WhWqJ1meZTvGm4pylLB643LlWicN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/77beee95b061496a7f269e109ecd4a08d126b7c7447d560d843b245c3ef38db6

Files

aaa7dc0b1e593006e0b8c5a536628906.zip
.zip

Password: infected
77beee95b061496a7f269e109ecd4a08d126b7c7447d560d843b245c3ef38db6
.exe windows:6 windows x86 arch:x86

Password: infected

908bea7ee71339f1c35ba419da3ba679

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JBQwnzq
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JBQwnzq
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

908bea7ee71339f1c35ba419da3ba679

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.JqjbwEJ Size: 3KB - Virtual size: 3KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 7KB

.JBQwnzq Size: 2.5MB - Virtual size: 2.5MB

.JBQwnzq Size: 1.9MB - Virtual size: 1.9MB

.reloc Size: 16KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 136KB - Virtual size: 135KB

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 7KB

.JBQwnzq
Size: 2.5MB - Virtual size: 2.5MB

.JBQwnzq
Size: 1.9MB - Virtual size: 1.9MB

.reloc
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB