df2d7668906396625694e3cebaa3f854[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

df2d7668906396625694e3cebaa3f854.zip
Size

293KB
MD5

4f25a848fe67985cbb070afc2e8c8a7d
SHA1

48654076f0ae5999b4307befa53eb35cd5583d69
SHA256

8d8ef6f794f3a242e1d19a2227f86562e506a9c8779b5342f31b06d42ecd7398
SHA512

eec68499fff6a22277f71d30fd5dcf822278fd13c7cb80cf0dc0588549e12b120eda161bea09b0697f4108505f4dea8a209e7c727c35effa393c90ef80d75410
SSDEEP

6144:yT87rmSUmZeidcog4HCwi/4yc5CrvOt3c9liMTUzvCwwqTb6Mw/:yTQamvduLwByu8ySiMTMCTqnvQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/628e8e8f4dc31191a98ce300f0f3f721ad80b184b3c02d288fbe674f92d63bb6

Files

df2d7668906396625694e3cebaa3f854.zip
.zip

Password: infected
628e8e8f4dc31191a98ce300f0f3f721ad80b184b3c02d288fbe674f92d63bb6
.exe windows:6 windows x86 arch:x86

Password: infected

ec455612e80bfcf3ebcb2ba43aa8ce9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PerfHost.pdb

Imports

msvcrt

memset
_vsnwprintf
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_wcsicmp
_controlfp
_except_handler4_common
?terminate@@YAXXZ

ntdll

RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
EtwEventUnregister
EtwEventRegister
RtlFreeHeap
RtlAllocateHeap
EtwEventWrite
RtlNtStatusToDosError
NtClose
NtQueryInformationToken
NtOpenThreadToken
RtlExpandEnvironmentStrings

rpcrt4

RpcBindingInqAuthClientW
RpcServerUnregisterIf
RpcBindingVectorFree
RpcEpUnregister
RpcBindingToStringBindingW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcRevertToSelf
RpcStringBindingParseW
RpcStringFreeW
RpcEpRegisterW
NdrServerCall2
RpcImpersonateClient

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-interlocked-l1-1-0

InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleA

api-ms-win-core-localregistry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegCloseKey

api-ms-win-core-misc-l1-1-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

InitializeSRWLock

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-threadpool-l1-1-0

SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWork

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 396KB - Virtual size: 988KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ec455612e80bfcf3ebcb2ba43aa8ce9f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-threadpool-l1-1-0

api-ms-win-service-core-l1-1-0

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 976B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 396KB - Virtual size: 988KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 976B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 396KB - Virtual size: 988KB