f8de032d1d326d1175de22dba0e02f70[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

f8de032d1d326d1175de22dba0e02f70.zip
Size

282KB
MD5

e2d49c37d5640458a5f4628190d9b856
SHA1

8743c5f3823ca7eed2a4426e3504863b1680c1b2
SHA256

02ff7b3ba8842473044ddb3ee27c0ba5142cd11846c8104c84fbd18d3fe7f4da
SHA512

c65a910dbb722ce10acaad3d29b8a1ace5400cb766266925fa90ac1de6695c99a2e565ff070b0e2034f948d00d375e0b7226cbe3324531554a63a1fd07de29b7
SSDEEP

6144:b/JOTAkMpN8NF6lST6EKbbUfMxOr0KcA+/KtZ3jzL3:z8ApSNwS5Koa7CtZfL3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4903473e2d34f6fcc54e7ba8db204c33efc2a1f1774b23c837d4665492707b69

Files

f8de032d1d326d1175de22dba0e02f70.zip
.zip

Password: infected
4903473e2d34f6fcc54e7ba8db204c33efc2a1f1774b23c837d4665492707b69
.exe windows:10 windows x64 arch:x64

Password: infected

4c9b51ec0bbedefc3b06549b56180167

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

xbgmsvc.pdb

Imports

msvcrt

_CxxThrowException
?terminate@@YAXXZ
_lock
__C_specific_handler
_fmode
_initterm
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
__setusermatherr
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcpy
??0exception@@QEAA@XZ
_XcptFilter
??1exception@@UEAA@XZ
_purecall
_unlock
??3@YAXPEAX@Z
memcpy_s
memmove
_cexit
_commode
__dllonexit
_exit
_onexit
_vsnwprintf
??1type_info@@UEAA@XZ
_amsg_exit
exit
__set_app_type
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
??_V@YAXPEAX@Z
__wgetmainargs
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
ReleaseMutex
CreateMutexExW
EnterCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

ntdll

NtQuerySystemInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAddFunctionTable

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
SetProcessMitigationPolicy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileSizeEx
WriteFile
ReadFile
CreateFileW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 396KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4c9b51ec0bbedefc3b06549b56180167

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-memory-l1-1-0

ntdll

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 396KB - Virtual size: 1.1MB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 396KB - Virtual size: 1.1MB