5a6fc31c06505487116b333e86f390d5[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5a6fc31c06505487116b333e86f390d5.zip
Size

556KB
MD5

23aac5ab0874eeccbdb641ba44e86f62
SHA1

8e37fe3acfbb27c2f6f21becf33c49114ee60dd2
SHA256

f5168757fc6ba091d5e7d2c52c2473bb9016fbe82cb8010efd1a9a3949b0a1ac
SHA512

daea5c98359514ef29ea241cfe4ee8d922dd51179f89c773c4be8bd63dd8f31b7df2f2b3bbb60445629bd93c91b4b4e316b6b31a77586baec587349f13415bb7
SSDEEP

12288:sY+lAw+Q9VsJHYgYtAxrWOEQRoNevAbjStbn20fB7UwDAe:srecXgYtAkURoNiTJgbe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/20f706b56ad787446d419bd5d08820b04ff7f3f6426e164bf34d26594a793eb8

Files

5a6fc31c06505487116b333e86f390d5.zip
.zip

Password: infected
20f706b56ad787446d419bd5d08820b04ff7f3f6426e164bf34d26594a793eb8
.exe windows:5 windows x86 arch:x86

Password: infected

81c720f8641914edcd344a3a79369611

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SqlDumper.pdb

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

psapi

GetModuleFileNameExW
GetModuleBaseNameA
GetModuleInformation
EnumProcessModules

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

iphlpapi

GetExtendedTcpTable

ws2_32

ntohs

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

OpenProcess
Thread32First
VirtualFreeEx
InitializeCriticalSectionAndSpinCount
Sleep
ReadProcessMemory
FormatMessageW
GetVersionExW
LeaveCriticalSection
GetFileAttributesW
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
FlushFileBuffers
GetLastError
GetProcAddress
VirtualAlloc
EnterCriticalSection
VirtualAllocEx
FindClose
OpenThread
SetConsoleCtrlHandler
GetExitCodeThread
CreateEventW
GetSystemInfo
WriteFile
CreateToolhelp32Snapshot
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
DebugBreak
WriteProcessMemory
SuspendThread
ResumeThread
CreateThread
VirtualFree
GetModuleHandleW
SleepEx
SetEvent
GetComputerNameW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
FreeLibrary
VirtualQuery
SetFilePointer
FindFirstFileW
FindNextFileW
GetFileSize
ExitProcess
ExpandEnvironmentStringsW
SetLastError
GetPrivateProfileStringW
lstrlenW
CompareStringW
GetProcessHeap
SetEnvironmentVariableW
HeapReAlloc
GetEnvironmentVariableW
CreateRemoteThread
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
RaiseException
InterlockedExchange
LocalAlloc
LoadLibraryExA

advapi32

RegOpenKeyW
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyExW
QueryServiceStatusEx
SetServiceStatus
StartServiceW
LookupPrivilegeValueW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenProcessToken
CloseServiceHandle

msvcr100

_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
??2@YAPAXI@Z
exit
_wstrtime_s
_time64
wcsncmp
swscanf_s
??3@YAXPAX@Z
_vsnwprintf
wcsrchr
_wmakepath_s
memset
_wremove
_errno
_wsplitpath_s
wcsnlen
qsort
_wtoi
wcstoul
_gmtime64_s
_wcsicmp
wcschr
_wstrdate_s
_swscanf_s_l
__CxxFrameHandler3
memcpy
_stricmp
wprintf

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

81c720f8641914edcd344a3a79369611

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

psapi

rpcrt4

iphlpapi

ws2_32

version

kernel32

advapi32

msvcr100

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 138KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 138KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB