Static task: static1
Behavioral task: behavioral1
Sample: a0664ac662802905329ec6ab3b3ae843f191e6555b707f305f8f5a0599ca3f68.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a0664ac662802905329ec6ab3b3ae843f191e6555b707f305f8f5a0599ca3f68.exe
Resource: win10v2004-20240802-en
General
Target: acd7aafa65d0dc4bdb5f04940107087b.zip
Size: 90KB
MD5: 6ebd57607a2b9a2395636463e8c68267
SHA1: 96f989e660932cef3164b6d3b49b5a94619913e1
SHA256: 704a19197b89c0ff4dd31db275f84dfcc164c4ab0a0d45cd80b007314ba9d4eb
SHA512: fd8189a004293ea02324e688f619b4098d468791070ecc5efdad05b020ba8c3c08d1a42bbff666016c69bb00aa29a836bc195f1382fbaf7237d56ca353cf1b7a
SSDEEP: 1536:emuASQEaiK5MX6E4k+jw8SHedDLkEli3tN26hDVzeNUWgAiq4HyI86vQmqxvkLD:axQMp94k6SOLutlhxj/y5d7xvQ
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: unpack001/a0664ac662802905329ec6ab3b3ae843f191e6555b707f305f8f5a0599ca3f68
Files
acd7aafa65d0dc4bdb5f04940107087b.zip.zip
Password: infected
a0664ac662802905329ec6ab3b3ae843f191e6555b707f305f8f5a0599ca3f68.exe windows:5 windows x86 arch:x86
Password: infected
405b814c06adc9900580f724645b5a39
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcmpA
lstrlenA
GetFileAttributesA
CreateProcessA
TerminateProcess
ReadFile
GetSystemDirectoryA
lstrcatA
GetEnvironmentVariableA
ExitThread
CreateDirectoryA
FindFirstFileA
GetLastError
RemoveDirectoryA
SetFileAttributesA
FindClose
GetLocalTime
CreatePipe
FindNextFileA
CloseHandle
GetTempPathA
DeleteFileA
lstrcpyA
WaitForSingleObject
CreateThread
CreateFileA
LoadLibraryA
MapViewOfFile
UnmapViewOfFile
SetFileTime
WideCharToMultiByte
MultiByteToWideChar
CreateFileMappingA
GetFileTime
GetCurrentProcessId
GetComputerNameA
ExitProcess
GetCurrentProcess
CreateMutexA
GetDriveTypeA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
SetErrorMode
GetModuleFileNameA
SetFilePointer
SystemTimeToFileTime
GetTickCount
WriteFile
FileTimeToSystemTime
GetFileInformationByHandle
GetFileSize
GetProcAddress
GetProcessHeap
SetEndOfFile
HeapFree
HeapAlloc
GetModuleHandleW
Sleep
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
RtlUnwind
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapSize
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetModuleHandleA
advapi32
GetUserNameA
ole32
CoUninitialize
CoCreateInstance
CoInitialize
shlwapi
PathAppendA
Sections
.text Size: 142KB - Virtual size: 141KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ