d318dc7b92c68cddb6ac8e82af8a7439[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d318dc7b92c68cddb6ac8e82af8a7439.zip
Size

7.8MB
MD5

bb7fc0972dc54c71ba4fa058194290d8
SHA1

0618385f3aedcfd2818aef5c07e5dbc995192910
SHA256

d5765dff5690f5f9a337c9fa0047b8c58e9f2ec2b6211f8482d57c5bf251308c
SHA512

a954f0034dfffde83c86fed5cf7c32ed74017b685ceedae45c209eee61bc0508ad7ec8f62df5f5664b26b36760658540b1287dd4169aeb6c96e9429c5b65222d
SSDEEP

196608:bcpJ5Ohc+qCVmZjhPLoXY0eJY0h3SDUawhZSl:Qp4c+qCghP8Xdf0h3SlwhZQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/23f1145599ca4f2836be5ba2ef445c06709df2e71dc30d6cd534b60810673716

Files

d318dc7b92c68cddb6ac8e82af8a7439.zip
.zip

Password: infected
23f1145599ca4f2836be5ba2ef445c06709df2e71dc30d6cd534b60810673716
.exe windows:5 windows x86 arch:x86

Password: infected

613eed189326e5150348769c0b41fcc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\mogaduhesutun\hihekeyolo63-pi.pdb

Imports

kernel32

lstrlenA
HeapAlloc
EndUpdateResourceW
ReadConsoleA
GetCurrentProcess
SetEvent
SleepEx
BackupSeek
CreateActCtxW
GetEnvironmentStrings
InitAtomTable
HeapDestroy
GetFileAttributesA
FindNextVolumeW
GetTapePosition
WriteConsoleW
GetModuleFileNameW
ReleaseSemaphore
DeactivateActCtx
InterlockedExchange
GetLastError
GetProcAddress
BeginUpdateResourceW
RemoveDirectoryA
GetProcessVersion
LocalAlloc
CreateIoCompletionPort
GetModuleHandleA
VirtualProtect
SetProcessShutdownParameters
GetCurrentProcessId
FindNextVolumeA
lstrcpyA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapFree
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
CloseHandle
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
Sleep
RtlUnwind
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
MultiByteToWideChar
HeapReAlloc
IsProcessorFeaturePresent
HeapSize
LCMapStringW
GetStringTypeW
CreateFileW

Exports

Exports

@GetFirstVice@8

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lipafo
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.yowo
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11.2MB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

613eed189326e5150348769c0b41fcc9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 84KB

.lipafo Size: 1024B - Virtual size: 624B

.yowo Size: 512B - Virtual size: 23B

.rsrc Size: 11.2MB - Virtual size: 65KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 84KB

.lipafo
Size: 1024B - Virtual size: 624B

.yowo
Size: 512B - Virtual size: 23B

.rsrc
Size: 11.2MB - Virtual size: 65KB