da879f76bd54d11202a4ae6abfdcfa3c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

da879f76bd54d11202a4ae6abfdcfa3c.zip
Size

1.4MB
MD5

14c88062ac18cff4961e6a7937a4004b
SHA1

2ef1f39785a21cd6f0dd98f244ed9f808606ebd0
SHA256

386826228b9e0ea4ad04d64d228fa6a107e306f1b5fc53d6a41a38e55bcbd35a
SHA512

e0c7e12e17fccb05a380d3840f839631c69ddc0ceaeb01b8e172f3185995fa8bb556dca64777b957d3ab2032c3d7db44877238577de2cef4b563f46e8a7d253e
SSDEEP

24576:gnC+W5alE+bfx1j6qwriW8lVRo+ZDQ3bcgL8/Ou4y1BI2kwQ0ex94SyggUTR:gn5W5iE+fxpW8lsUDdgLSdg2kj00njgI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c0339698f1127592325e3f2e2f44f2eeba4c6898e3331a733bee4cdee41ae400

Files

da879f76bd54d11202a4ae6abfdcfa3c.zip
.zip

Password: infected
c0339698f1127592325e3f2e2f44f2eeba4c6898e3331a733bee4cdee41ae400
.exe windows:5 windows x86 arch:x86

Password: infected

2938fa2df7e806927b9ad495b8f205f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\obj-firefox\toolkit\components\maintenanceservice\maintenanceservice.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
MoveFileW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteFile
GetDriveTypeW
GetTempFileNameW
GetProcAddress
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
LoadLibraryExW
FreeLibrary
DeleteFileW
LocalAlloc
SetLastError
MultiByteToWideChar
GetFileAttributesW
CopyFileW
LocalFree
CreateFileW
ReadFile
CreateProcessW
GetFileSize
CreateThread
CloseHandle
lstrcmpiW
CreateEventW
GetLastError
GetModuleFileNameW
Sleep
SetEvent
MoveFileExW
WaitForSingleObject
CreateDirectoryW
LCMapStringW
CompareStringW
HeapReAlloc
OutputDebugStringW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
ReadConsoleW
GetConsoleMode
RtlUnwind
GetStringTypeW
SetEnvironmentVariableW
SetEnvironmentVariableA
RaiseException
GetCPInfo
GetCommandLineW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetFileAttributesExW
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
SetEndOfFile

user32

LoadStringA
wsprintfW

advapi32

DeleteService
OpenServiceW
SetServiceObjectSecurity
OpenSCManagerW
CloseServiceHandle
CreateServiceW
RegisterServiceCtrlHandlerW
OpenSCManagerA
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CreateWellKnownSid
GetSecurityDescriptorDacl
RegSetValueExW
RegCloseKey
QueryServiceConfigW
ControlService
BuildExplicitAccessWithNameW
RegOpenKeyExW
FreeSid
SetEntriesInAclW
ChangeServiceConfigW
QueryServiceStatus
LookupAccountSidW
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherW
SetServiceStatus
InitializeSecurityDescriptor

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CertFindCertificateInStore
CertGetNameStringA
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathAppendW
PathStripToRootW
PathQuoteSpacesW
PathUnquoteSpacesW
PathRemoveFileSpecW

ole32

CoCreateGuid

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2938fa2df7e806927b9ad495b8f205f3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

crypt32

wintrust

version

shlwapi

ole32

rpcrt4

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB