41db7839e4fa1ce07b0cac51b450cc49[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

41db7839e4fa1ce07b0cac51b450cc49.zip
Size

178KB
MD5

c6422d595e5dccf5c83590299f91bde9
SHA1

b03b6cf4b6c92a59093137512c21cbdb3c2cd6ea
SHA256

20d7b82639f3d388b7ad8267c54eae2693955064a35fcc105e815819f737fe9d
SHA512

13216a671f5c62f479a89426ac2368b67b4733e7cc5fe98b14f05b326c054a3fdb66846d8895208747b113939d0cded9a4b096815d59f3cd4c06f3cd50c10458
SSDEEP

3072:XVp6aLs3S+gkPpfygVMdQ9+34AhKs3WolmDluBWNuCrZ4qhE6SMfxIlZw5:Xr6XhBfygVeG3GBWNluAP4exSMfxIlZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/598ab8769532757279af4bd421479814a98a1f43760a89a700ecab0ae5b3a5dd

Files

41db7839e4fa1ce07b0cac51b450cc49.zip
.zip

Password: infected
598ab8769532757279af4bd421479814a98a1f43760a89a700ecab0ae5b3a5dd
.exe windows:4 windows x86 arch:x86

Password: infected

b6096454c0b0666c7e487d2e3e0cbf92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetFileSize
FindResourceA
SetFilePointer
FreeLibrary
LoadResource
UpdateResourceA
SetFileTime
WriteFile
GetDriveTypeA
SizeofResource
GetFileAttributesA
ReadFile
MultiByteToWideChar
FindFirstFileA
GetLastError
CopyFileA
SetFileAttributesA
FindClose
LockResource
BeginUpdateResourceA
GetModuleFileNameA
FindNextFileA
LoadLibraryExA
EnumResourceNamesA
GetFileTime
EndUpdateResourceA
WinExec
CloseHandle
DeleteFileA
CompareStringW
CompareStringA
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
Sleep
WideCharToMultiByte
GetTimeZoneInformation
RaiseException
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
InitializeCriticalSection
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

rpcrt4

RpcMgmtEpUnregister

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l2
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b6096454c0b0666c7e487d2e3e0cbf92

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

rpcrt4

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 140KB - Virtual size: 146KB

.rmnet Size: 4KB - Virtual size: 1KB

.l1 Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 1KB

.l2 Size: 12KB - Virtual size: 12KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 140KB - Virtual size: 146KB

.rmnet
Size: 4KB - Virtual size: 1KB

.l1
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 1KB

.l2
Size: 12KB - Virtual size: 12KB