db007dad6798ba58f5817d22c8ad9775[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

db007dad6798ba58f5817d22c8ad9775.zip
Size

1.4MB
MD5

1419914820c25dcf86a44304522572d7
SHA1

c943ff3a41b69badc50e5e2e6c0e0d2641e37216
SHA256

ccf89cd2c57f3fba8ed33ee85760d3834b4af709665954b0523d034f0ec78073
SHA512

b67a9b70288f45c53f52ce9d09486120228503fb896144b371186503f512f64f0ef31c3c02b438306d00c30a8eed75a257c3da80b708acece17d43bdfe2b6b70
SSDEEP

24576:achTw1IhsbeXZboNdL5SlT2M103uNcFKiCpP1z63iMHSxXuUQFSyu82Eid5:achTq4ZboNdLkd2M1e10kzHSpuUb82EA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6f2ea01918463d6c86c8675a48274811e2b0e3d6c4eff1cdddf8c0db301e8f4a

Files

db007dad6798ba58f5817d22c8ad9775.zip
.zip

Password: infected
6f2ea01918463d6c86c8675a48274811e2b0e3d6c4eff1cdddf8c0db301e8f4a
.dll windows:6 windows x86 arch:x86

Password: infected

47d186778bc9d198554e460e0d3becb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
HeapAlloc
QueueUserAPC
LocalFree
GetFileSize
DeleteCriticalSection
VerSetConditionMask
GetProcessHeap
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateSemaphoreA
CreateEventA
CreateIoCompletionPort
WaitForSingleObjectEx
TerminateThread
DisableThreadLibraryCalls
SetEvent
CreateFileA
GetLastError
FormatMessageW
Sleep
MultiByteToWideChar
CreateEventW
PostQueuedCompletionStatus
GetModuleHandleA
DuplicateHandle
WaitForSingleObject
GetQueuedCompletionStatus
LeaveCriticalSection
SetEndOfFile
DeleteFileW
MoveFileExA
DeviceIoControl
RemoveDirectoryA
GetFileAttributesExA
GetFileAttributesA
CreateDirectoryA
ReadConsoleA
SetConsoleMode
LoadLibraryW
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
GetEnvironmentVariableW
FindFirstFileW
CreateFiber
DeleteFiber
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
ResumeThread
GetProcAddress
CreateWaitableTimerA
InitializeCriticalSection
LoadLibraryExA
GetSystemTime
SystemTimeToFileTime
RaiseException
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
WriteConsoleW
OutputDebugStringW
WaitForMultipleObjects
ReleaseSemaphore
SwitchToFiber
TlsAlloc
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
TlsSetValue
SetWaitableTimer
ReadFile

ws2_32

WSAGetLastError
socket
send
recv
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
setsockopt
ntohl
listen
WSASetLastError
WSAStringToAddressW
WSASocketW
WSAStartup
getsockname
connect
WSARecv
getsockopt
htonl
htons
ioctlsocket
gethostbyname

secur32

FreeContextBuffer
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext

advapi32

CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
GetUserNameA
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptAcquireContextA

shell32

SHGetFolderPathA

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

bcrypt

BCryptGenRandom

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation

Exports

Exports

table_release

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 635KB - Virtual size: 634KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

47d186778bc9d198554e460e0d3becb7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

secur32

advapi32

shell32

crypt32

bcrypt

user32

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 635KB - Virtual size: 634KB

.data Size: 62KB - Virtual size: 78KB

.rsrc Size: 134KB - Virtual size: 133KB

.reloc Size: 91KB - Virtual size: 91KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 635KB - Virtual size: 634KB

.data
Size: 62KB - Virtual size: 78KB

.rsrc
Size: 134KB - Virtual size: 133KB

.reloc
Size: 91KB - Virtual size: 91KB