malware[.]dll_pw_infected[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

malware.dll_pw_infected.zip
Size

12KB
MD5

af37724634bd3e036b439e1132a3a340
SHA1

323c01f3d2586f0537c862df2fc53ee73d3b7dce
SHA256

c2bff8289e05b3e28f4566b8747cda5329bb8be1c974b1260cdd329b6ae7db02
SHA512

59fda7ce93676f57b749d2aa5e46f49e7f2e44ee80151e070c64eb7e8da0224b81482fcf91164b999cb3c83d5888f40af15199dba66d1bda905fcbf15d29cd79
SSDEEP

192:zs375cDNuYnhCPjmc/l6utiBX4WzazBoqsGtrwKFK4d+1u09fIoLmpCaaQKhgADU:zsm5kh/l6EE+aYtEKFw1NlmcLQegDmE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0x00070000000234bd-3

Files

malware.dll_pw_infected.zip
.zip

Password: infected
0x00070000000234bd-3
.dll regsvr32 windows:5 windows x64 arch:x64

1772cc83964df19e6a2b0ce36bd289c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExW
RegQueryValueExW

kernel32

DisableThreadLibraryCalls
GetProcessHeap
GetSystemInfo
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetCommandLineA
lstrlenA
lstrcmpiA
HeapAlloc
TlsAlloc
FreeLibrary
HeapFree
TlsFree
TlsSetValue
SetLastError
GetLastError
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
FormatMessageW
LocalFree
lstrcmpiW
IsValidCodePage
RtlMoveMemory
VirtualAlloc
VirtualFree
GetModuleHandleA

ole32

IsEqualGUID
CoGetContextToken

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

msvcrt

_wcsicmp

user32

wsprintfA
LoadStringW
wsprintfW
MessageBoxW

shlwapi

SHDeleteKeyA
StrToIntW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

code
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

const
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

1772cc83964df19e6a2b0ce36bd289c8

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

msvcrt

user32

shlwapi

Exports

Exports

Sections

code Size: 15KB - Virtual size: 15KB

data Size: 512B - Virtual size: 176B

const Size: 3KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 188B

.reloc Size: 512B - Virtual size: 192B

code
Size: 15KB - Virtual size: 15KB

data
Size: 512B - Virtual size: 176B

const
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 188B

.reloc
Size: 512B - Virtual size: 192B