c16a0b8e96b56c0147def881b82f2137[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

c16a0b8e96b56c0147def881b82f2137.zip
Size

100KB
MD5

7e30a755d9130697a94cd93cf56edba5
SHA1

d051edd8f800217ada4d3c9231dbb2e9b885ae9b
SHA256

b8c9c92ebcf4d6750915a57bda775631695a66690dd781cdd8e3150827d34c87
SHA512

35cd4fe5ec81262bfe59dc44aa262369908278bbec541bd0bc5762559e331c03e2ab0f94ce9bdf941d341c934517bfc0ad88fd555f94219c8736411a97de0db8
SSDEEP

3072:DR5Pd9c4c2fTt78xn+ZpLu06+J7WFTVzGekzoPQTrWA/:9b9c4BfTt7nxZJ7MTVSekoPU5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/34c8e30ed4419ab4788e944bf06f06a39138e58d547816174fec684f881994c4

Files

c16a0b8e96b56c0147def881b82f2137.zip
.zip

Password: infected
34c8e30ed4419ab4788e944bf06f06a39138e58d547816174fec684f881994c4
.exe windows:4 windows x86 arch:x86

Password: infected

84a5c39eb178b6e678403c890a52017c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

memset
strlen
_strnicmp
strncmp
strncpy
strcpy
atof
strcat
localtime
mktime
gmtime

user32

wsprintfA
GetWindowThreadProcessId
KillTimer
SetTimer
wvsprintfA
MessageBoxA
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows
GetWindowLongA
CallWindowProcA
DefWindowProcA
SetWindowLongA
SetWindowTextA
DestroyWindow
SendMessageA
CreateWindowExA
LoadCursorA
LoadIconA
RegisterClassA
GetSysColor
PeekMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
AdjustWindowRect
GetSystemMetrics
GetWindowRect
ShowWindow
GetMessageA
GetClassNameA
PostMessageA
GetParent
GetWindow
SetWindowPos
SetFocus
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
GetFocus
IsChild
EnumChildWindows
GetKeyState
CreateAcceleratorTableA
SetCursorPos
LoadImageA
SetCursor
SystemParametersInfoA
SetCapture
GetCursorPos
MapWindowPoints
ReleaseCapture
MoveWindow

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

ole32

CoInitialize
CoCreateInstance
CoUninitialize

urlmon

URLDownloadToFileA

gdi32

GetStockObject
CreateBrushIndirect

comctl32

InitCommonControls

kernel32

GetModuleHandleA
GetCommandLineA
ExitProcess
HeapCreate
GetSystemDirectoryA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GlobalAlloc
OpenProcess
CloseHandle
GetLastError
GetEnvironmentVariableA
GetCurrentDirectoryA
SystemTimeToFileTime
GetFileAttributesA
SetFileAttributesA
CreateFileA
SetFileTime
GetFileTime
HeapDestroy
HeapReAlloc
FreeLibrary
HeapAlloc
IsBadReadPtr
HeapFree
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
SetUnhandledExceptionFilter
GetVersionExA
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
GetTickCount
Sleep
FindClose
FindFirstFileA
FindNextFileA
ReadFile
SetFilePointer
GetFileSize
WriteFile
GetLocalTime

shell32

ShellExecuteExA

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 1024B - Virtual size: 617B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

84a5c39eb178b6e678403c890a52017c

Headers

File Characteristics

Imports

crtdll

user32

advapi32

wininet

oleaut32

ole32

urlmon

gdi32

comctl32

kernel32

shell32

Sections

.text Size: 65KB - Virtual size: 64KB

.data Size: 12KB - Virtual size: 15KB

.flat Size: 1024B - Virtual size: 617B

.text
Size: 65KB - Virtual size: 64KB

.data
Size: 12KB - Virtual size: 15KB

.flat
Size: 1024B - Virtual size: 617B