fb50dbe4caaf46ce7a36db9c02864fd7[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

fb50dbe4caaf46ce7a36db9c02864fd7.zip
Size

382KB
MD5

de7cec2714768f2d13a4f5b13cec9d21
SHA1

1ccbb599f3786bd47f9a0da41fae2f3f4127f980
SHA256

22b12d18e5d00de564333a5efbdec9d1d9068f29cec29151d5a75d9789aa6524
SHA512

6f7afb3a5079d53f958cb1c580f089b2470ee77dd39a7601c3256c725b19e24cc195cf09291a2557d2bdd38b590bde88e605953fea6bab06624ca59aaedeeb48
SSDEEP

6144:4y2IOPz2vJQqy/c6G0a6DxRsMT5HAmF4LbTdNWZXJ1styk01kmIC:4yEz2CkST7sc5HAjbBibstyhjIC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4c91136272aed1a488d7071f8d8d26e8b7812f8b124579ea71df14aa34dd6959

Files

fb50dbe4caaf46ce7a36db9c02864fd7.zip
.zip

Password: infected
4c91136272aed1a488d7071f8d8d26e8b7812f8b124579ea71df14aa34dd6959
.exe windows:5 windows x86 arch:x86

Password: infected

81c720f8641914edcd344a3a79369611

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SqlDumper.pdb

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

psapi

GetModuleFileNameExW
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

iphlpapi

GetExtendedTcpTable

ws2_32

ntohs

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

OpenProcess
Thread32First
VirtualFreeEx
InitializeCriticalSectionAndSpinCount
Sleep
ReadProcessMemory
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesW
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualAllocEx
FindClose
OpenThread
SetConsoleCtrlHandler
GetExitCodeThread
CreateEventW
GetSystemInfo
WriteFile
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
DebugBreak
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualFree
GetModuleHandleW
SleepEx
SetEvent
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
FreeLibrary
VirtualQuery
SetFilePointer
FindFirstFileW
FindNextFileW
GetFileSize
ExitProcess
ExpandEnvironmentStringsW
SetLastError
GetPrivateProfileStringW
lstrlenW
CompareStringW
GetProcessHeap
SetEnvironmentVariableW
HeapReAlloc
GetEnvironmentVariableW
CreateRemoteThread
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
RaiseException
InterlockedExchange
LocalAlloc
LoadLibraryExA

advapi32

RegOpenKeyW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
QueryServiceStatusEx
SetServiceStatus
StartServiceW
LookupPrivilegeValueW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle

msvcr100

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
exit
_wstrtime_s
_time64
wcsncmp
swscanf_s
??3@YAXPAX@Z
_vsnwprintf
wcsrchr
_wmakepath_s
memset
_wremove
_errno
_wsplitpath_s
wcsnlen
qsort
_wtoi
wcstoul
_gmtime64_s
_wcsicmp
wcschr
_wstrdate_s
_swscanf_s_l
__CxxFrameHandler3
memcpy
_stricmp
wprintf

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

81c720f8641914edcd344a3a79369611

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

psapi

rpcrt4

iphlpapi

ws2_32

version

kernel32

advapi32

msvcr100

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 138KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 138KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB