db54650e57624a5debe24204d6ea6fcd[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

db54650e57624a5debe24204d6ea6fcd.zip
Size

260KB
MD5

81b93dc89c7296e2e8d5b0f941e8467b
SHA1

452e0ccc3a83c2591ed93aa7d0f99345b98ac5ae
SHA256

24321264b7f59c8a3150e676d2182810c96c3a4b30d5c107a1535a0947a84393
SHA512

c80046c4ff19de3017e6d91b09bddf592b65759619b83f1e229350f26e1a25cccafece2f884e2d5b4fa092ea72a6820ab8697ae8ff5c3e7e66867f4be272ecd9
SSDEEP

6144:69Cak4J2deVJrjkgEILxay/+rHLdTARBvd9hWINvDxMpizym99BM:60akLCUgayuryRB19fNM8ymi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/72a5fc8569d0be0897a6a1e30909fd7ac91a54314f74cb63e5ba8dc0d19c2e9b

Files

db54650e57624a5debe24204d6ea6fcd.zip
.zip

Password: infected
72a5fc8569d0be0897a6a1e30909fd7ac91a54314f74cb63e5ba8dc0d19c2e9b
.exe windows:10 windows x64 arch:x64

Password: infected

cbecbdf0e16268273dca4cb132d15d23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

locator.pdb

Imports

msvcrt

_amsg_exit
__getmainargs
__set_app_type
exit
_exit
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_XcptFilter

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-processthreads-l1-1-0

ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-synch-l1-1-0

CreateEventW
WaitForSingleObject
SetEvent

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 396KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

cbecbdf0e16268273dca4cb132d15d23

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 252B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 396KB - Virtual size: 1.1MB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 252B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 396KB - Virtual size: 1.1MB