5ec4fafc00f8fcbcf0d96e5811970a72[.]zip

General

Target

5ec4fafc00f8fcbcf0d96e5811970a72.zip
Size

120KB
MD5

2d64b604d085b727782b825d90a6e145
SHA1

98eb4ea04bdbc4fdcffbf57dad5f6ac1aa5ff4d6
SHA256

886c48debfd027086ef56a86809887884ff73ce0f290df1a448ab23bea61a95d
SHA512

2c37b53d462195000cf2d138eaebcb24b473a793ffac758a9742b2cb2fb2166b98b52334202358339107c58fcfdb6418398a4907280b72596e870492ce512d61
SSDEEP

1536:/oGX9VtU7dCCslzNPJ7jxrhJDpXpsLD8YkoyDcfAwkBPw2nWaIM9xzsYFey+ii:/oGtnrNhHx1J1X0ecNkO2WHMpFey+J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/be538d3cbf71e1d1ae503f760fff7d6bf99e0ddf3626a5942272a277e8ccbbd6

Files

5ec4fafc00f8fcbcf0d96e5811970a72.zip
.zip

Password: infected
be538d3cbf71e1d1ae503f760fff7d6bf99e0ddf3626a5942272a277e8ccbbd6
.exe windows:4 windows x86 arch:x86

Password: infected

0ab8af968841351a6340b418cb8a364d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassExA
TranslateMessage
PostQuitMessage
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
DefWindowProcA
SendMessageA
CreateWindowExA
CharLowerA

kernel32

lstrlenA
lstrcpyA
lstrcmpiA
BeginUpdateResourceA
CloseHandle
CopyFileA
CreateFileA
CreateFileMappingA
CreateThread
DeleteFileA
EndUpdateResourceA
EnumResourceNamesA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FindResourceA
FreeLibrary
GetCommandLineA
GetDriveTypeA
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
GetSystemDefaultLangID
GetTickCount
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
LoadLibraryA
LoadResource
LockResource
MapViewOfFile
MoveFileA
ReadFile
RtlMoveMemory
SetEndOfFile
SetFilePointer
SizeofResource
Sleep
UnmapViewOfFile
UpdateResourceA
WinExec
WriteFile
lstrcatA
lstrcmpA

shlwapi

PathFindExtensionA

urlmon

URLDownloadToFileA

advapi32

RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

dbghelp

MakeSureDirectoryPathExists

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

0ab8af968841351a6340b418cb8a364d

Headers

File Characteristics

Imports

user32

kernel32

shlwapi

urlmon

advapi32

shell32

dbghelp

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 21KB - Virtual size: 21KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 21KB - Virtual size: 21KB