Static task: static1
Behavioral task: behavioral1
Sample: 17dc4448c8e8b6b096e0a9478d10b532fda9acc272f2febab676758556930baf.exe
Resource: win7-20240704-en
General
Target: 316363896bcc0e0df90c79a6807117a9.zip
Size: 346KB
MD5: 480e29975cc07df173175776ce3ddc9b
SHA1: 6e026a0adf9a237f395e90d443d847b4fdb85463
SHA256: 1a868e213b06c8f31017b6dd71c2178427675cbbd74af774903b47e1a898f3f5
SHA512: 57093bafb900561cf0ce53f4b2def75e8e3d8dce8fe066ebdae4ab2f4b1f50dae1ed27d60597e61e6d011c65564cdf5a18ec0b0474f5dc2ea86b55d2c5c99cb9
SSDEEP: 6144:rgx4+OpRdlwf1bPGR9g+LCfJuQXdO/fPm28kZztNctKw1ilMk2uHS2K:rL+mwf1bPGR9glfJpcm2fZztyztYPK
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
Resource: unpack001/17dc4448c8e8b6b096e0a9478d10b532fda9acc272f2febab676758556930baf
Files
316363896bcc0e0df90c79a6807117a9.zip.zip (Password: infected)
17dc4448c8e8b6b096e0a9478d10b532fda9acc272f2febab676758556930baf.exe windows:4 windows x86 arch:x86 (Password: infected)
e8109be41b28fa47a234c1080abffde5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEndOfFile
HeapSize
CompareFileTime
CreateMutexA
HeapDestroy
ExitProcess
CloseHandle
GetFileInformationByHandle
MoveFileW
LocalAlloc
MulDiv
VirtualAlloc
WriteFile
WritePrivateProfileStringA
GetLocalTime
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
DuplicateHandle
RemoveDirectoryA
SetThreadPriority
SetLastError
IsDebuggerPresent
SetErrorMode
VirtualFree
HeapCreate
GetEnvironmentStringsW
GetStartupInfoA
SizeofResource
LoadLibraryExA
ResetEvent
GetStringTypeW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
ReadFile
GetLastError
RtlUnwind
HeapFree
GetOEMCP
CompareStringW
GetModuleHandleA
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
TerminateProcess
user32
IsCharAlphaNumericW
GetClassLongA
GetThreadDesktop
TranslateMessage
DispatchMessageW
PostThreadMessageW
PeekMessageW
CreateIconIndirect
PostQuitMessage
GetMessageW
MsgWaitForMultipleObjects
gdi32
GetStockObject
SetBkMode
CreatePen
GetDeviceCaps
MoveToEx
winspool.drv
OpenPrinterA
WritePrinter
OpenPrinterW
advapi32
OpenProcessToken
SetFileSecurityW
GetFileSecurityW
shell32
ExtractIconA
ShellExecuteExA
SHGetSpecialFolderLocation
ole32
CoInitialize
OleDuplicateData
CoSetProxyBlanket
OleFlushClipboard
oleaut32
VariantChangeTypeEx
VariantClear
VariantCopyInd
SysAllocStringLen
SysStringLen
imagehlp
UnDecorateSymbolName
Sections
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.hle Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ