PDB Path: C:\SoUsual\GygaB\Debug\FreeLists.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 5d6fbe551fe95c4108ca41e507f27be4f304ba70a2b2326f96d3ba9541f88a22.dll
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 5d6fbe551fe95c4108ca41e507f27be4f304ba70a2b2326f96d3ba9541f88a22.dll
Resource: win10v2004-20240802-en
General
- Target: 11498dcc5b28e0b82d7a5dfe683e5bed.zip
- Size: 189KB
- MD5: 412230fdb4c7bcd41f042391ec2963cd
- SHA1: a9842989aca1ce785c7c6aca51f990eda2c5b947
- SHA256: 42d3fc079103f513746e3f9e3ae08f3c523aab6f2542e8478ff1360d2436f17e
- SHA512: d8fdb278e30eac25c8cf68dcd1f06dfbce99f0fb30d004cc025a15add62c994fb96f38fab56570af736a43ce5da3f580b75725b396bf8821a59f3845a72cf330
- SSDEEP: 3072:ruNonEjlM42yDSnOkc0XcvLDJbROqeGZEwzu+Hr/6IN4bMlh4haTlrSM1vC3cVhP:ru7ZmyenLc0Xcv6NGHlr2wlh4haTl51X
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource unpack001/5d6fbe551fe95c4108ca41e507f27be4f304ba70a2b2326f96d3ba9541f88a22
Files
- 11498dcc5b28e0b82d7a5dfe683e5bed.zip.zip (Password: infected)
- 5d6fbe551fe95c4108ca41e507f27be4f304ba70a2b2326f96d3ba9541f88a22.dll (windows:5 windows x86 arch:x86; Password: infected)
e1962136d28298fbdc410ff2954bca35
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
isspace
_itow
_ltow
_ltoa
_ultow
wcsncpy
_mbsspn
wcsncat
strncat
kernel32
WaitForSingleObject
SystemTimeToTzSpecificLocalTime
GetSystemDEPPolicy
GetProcAddress
LoadLibraryW
GetSystemTimeAsFileTime
lstrcpyA
GetCurrentDirectoryA
CloseHandle
GetCommMask
CreateFileMappingA
lstrcatA
lstrcatW
LCMapStringW
SetConsoleTitleA
Sleep
WritePrivateProfileStringW
GetConsoleTitleA
lstrcmpA
WriteFile
HeapAlloc
lstrcpyW
GetProcessDEPPolicy
IsBadReadPtr
GetACP
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetLocalTime
LocalReAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetFileAttributesA
GetLocaleInfoA
WriteFileEx
GetOverlappedResult
CreateSemaphoreW
CreateTapePartition
GetTapeParameters
SignalObjectAndWait
GetCurrentProcess
GetProcessTimes
FileTimeToLocalFileTime
GetProcessHeap
RaiseException
lstrcmpiA
FileTimeToSystemTime
GetFileTime
OpenEventA
CreateFileMappingW
HeapFree
SetEndOfFile
SetThreadPriority
GetThreadPriority
GetCurrentThread
FreeLibrary
GetModuleHandleW
user32
PrintWindow
TranslateMDISysAccel
PeekMessageW
PostThreadMessageA
GetWindowThreadProcessId
FindWindowA
GetShellWindow
MapVirtualKeyExA
SystemParametersInfoW
SendMessageW
ShowWindow
IsWindow
GetParent
GetWindowPlacement
PostMessageW
GetCursor
GetMenuDefaultItem
CharNextExA
GetLastInputInfo
DdeAccessData
UpdateWindow
MenuItemFromPoint
UnhookWindowsHookEx
RegisterClassW
DispatchMessageW
InflateRect
FillRect
SetWindowsHookExW
GetCaretPos
gdi32
EndPage
CreatePen
CreateSolidBrush
Polygon
StretchBlt
rpcrt4
NdrClientCall2
Exports
BasicSummaryCorruption
ServiceMain
_redmon_write_port@8
append_env
env_length
get_job_info
get_user_filename
join_env
make_job_env
rDeletePort
redmon_cancel_job
redmon_close_port
redmon_end_doc_port
redmon_get_config
redmon_init_config
redmon_read_port
redmon_validate_config
request_mutex
reset_redata
rsOpenPort
sDeletePort
write_string_to_log
Sections
.text Size: 344KB - Virtual size: 343KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ