aff4c1b714bea66107591fd63b1d4e6b[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

aff4c1b714bea66107591fd63b1d4e6b.zip
Size

14KB
MD5

74d2094912e39a519c77a80be3918087
SHA1

24eba09976e7895ffafcb3128de6d181744654f8
SHA256

dafaf790e27209faea5333e6561676c7e8cbf05b69dc5680b5ca2296d3e1caf9
SHA512

90903617aeb3f533c45f58eaa688593f1999ebb8e239334d90818be0982a734d4ff4efba566b369620cb55334b1ac0f6238925aa8822abbcb593587f83c92fec
SSDEEP

384:PFY+Jeu2RRGajRWB8beTJ0+Giu7bi2Idg+1Q7Dy7:PW+EhRdjRWB8b8NRuv8/1Qo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/27e36d1625611f4dcdd5d2adae2c8a467857fa5258fedff6bf696efcada76142

Files

aff4c1b714bea66107591fd63b1d4e6b.zip
.zip

Password: infected
27e36d1625611f4dcdd5d2adae2c8a467857fa5258fedff6bf696efcada76142
.dll windows:6 windows x86 arch:x86

Password: infected

27544a75451721e2c0a82817672f97d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
lstrlenW
lstrcatW
lstrcmpW
VirtualProtect
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
_hwrite
GetAtomNameA
WideCharToMultiByte
LeaveCriticalSection
GetTempPathW
WritePrivateProfileSectionA
SetFilePointerEx
CreateThread

comdlg32

ReplaceTextW
PrintDlgW
PageSetupDlgA
ChooseFontW
FindTextA
GetSaveFileNameW

odbc32

ord239
ord255
ord35
ord67
ord108
ord227
ord28
ord53
ord139
ord206

rtm

MgmTakeInterfaceOwnership
RtmGetRouteAge
RtmBlockSetRouteEnable
RtmGetNextRoute
RtmCloseEnumerationHandle
RtmBlockConvertRoutesToStatic
MgmDeInitialize

msvfw32

ICInfo

avifil32

AVIStreamOpenFromFileW
AVIStreamTimeToSample
EditStreamPaste
AVIPutFileOnClipboard

setupapi

SetupAddSectionToDiskSpaceListW
SetupDiGetDeviceInfoListClass
SetupDefaultQueueCallback
SetupDiSetSelectedDriverA
SetupDiCreateDeviceInterfaceRegKeyW
SetupOpenLog
SetupDeleteErrorA

msi

ord8
ord113
ord63
ord164
ord124
ord150

user32

wsprintfW

advapi32

RegNotifyChangeKeyValue
RegGetValueW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW

ole32

PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CLSIDFromString

msvcrt

malloc
_adjust_fdiv
wcstol
_initterm
free
memset
memcmp

Exports

Exports

sbgzamr

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

27544a75451721e2c0a82817672f97d6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

odbc32

rtm

msvfw32

avifil32

setupapi

msi

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 936B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 936B