4b7f6f0271e4c80ab7c947062abeff1d[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

4b7f6f0271e4c80ab7c947062abeff1d.zip
Size

480KB
MD5

ecb93dd3e96bb483eee6280e09dbce22
SHA1

caf6f12ff7edd72b2f16f3709c04be668717b9fa
SHA256

0490dd4c5f2d702a4d411b998e258ef84a5ba26a070d7c83103edd0aa7eb9e77
SHA512

618d66f13054b09398ea9ff4ae0587f576d8b4d3361a7f2b1aa841c2baf99e61c3d8a81a55ee3ce158d704957eca9167b4a765e977e36ea43f40eba29e7f7f5e
SSDEEP

12288:papkMHZHLKirAHvoY4e6oYORu9pdKnaG2BymDulHkgPtB/TNl6hEl:paRHVKirmoYp6oYndKnaG2BymSRPtB7t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0d04c5a2f08948da5e0b25e744247a68325864d9ca53f7fa5b581157f4748b8c

Files

4b7f6f0271e4c80ab7c947062abeff1d.zip
.zip

Password: infected
0d04c5a2f08948da5e0b25e744247a68325864d9ca53f7fa5b581157f4748b8c
.exe windows:6 windows x64 arch:x64

Password: infected

c85b8b25f3e08babb59345a84a6e4911

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SpiderSolitaire.pdb

Imports

kernel32

DelayLoadFailureHook
LoadLibraryExA
IsProcessorFeaturePresent
UnmapViewOfFile
GetModuleHandleA
LoadLibraryA
RegOpenKeyExA
RegQueryValueExA
OutputDebugStringA
InterlockedPushEntrySList
VirtualAlloc
InterlockedPopEntrySList
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
GetProcAddress
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FreeLibrary
CloseHandle
CreateFileW
GetLocaleInfoW
GetTickCount
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
ExitProcess
CreateMutexW
GetCommandLineW
RegisterApplicationRestart
GetModuleFileNameW
SetCurrentDirectoryW
OutputDebugStringW
SleepEx
LoadLibraryW
GetVersionExW
QueryPerformanceFrequency
MultiByteToWideChar
FlushInstructionCache
MulDiv
GlobalAddAtomW
GlobalDeleteAtom
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetCurrentDirectoryW
GetFileAttributesW
MoveFileExW
CreateDirectoryW
DeleteFileW
GetFileSize
ReadFile
WriteFile
SetFilePointer
WideCharToMultiByte
CreateEventW
WaitForSingleObject
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
LockResource
RegCloseKey
GetStdHandle
WriteConsoleW
DebugBreak
GetFileType
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
GetDateFormatW
FreeResource
FindResourceExW
GetThreadLocale
LocalAlloc
FormatMessageW
GetTickCount64
CreateThread
HeapSetInformation
LocalFree
GetModuleHandleW

user32

GetFocus
SetDlgItemInt
PostMessageW
SendMessageW
UnhookWindowsHookEx
DestroyWindow
ShowCursor
KillTimer
SetTimer
GetWindowRect
SetWindowPos
IsIconic
FindWindowW
BringWindowToTop
SetForegroundWindow
RegisterRawInputDevices
LoadAcceleratorsW
PeekMessageW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
GetSystemMetrics
MonitorFromWindow
InvalidateRect
SetRect
GetKeyState
GetDoubleClickTime
GetCursorPos
GetClientRect
NotifyWinEvent
SetWindowLongPtrW
IsZoomed
GetWindowPlacement
SetWindowPlacement
ScreenToClient
BeginPaint
EndPaint
GetDC
ReleaseDC
IsWindowVisible
RedrawWindow
SetCapture
GetClassInfoExW
LoadCursorW
RegisterClassExW
RegisterWindowMessageW
SetCursor
SetClassLongPtrW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
SetMenuInfo
DrawMenuBar
SetGestureConfig
GetSysColorBrush
RegisterClassW
DestroyMenu
SetPropW
GetSubMenu
GetMonitorInfoW
GetSysColor
FillRect
DrawFrameControl
GetForegroundWindow
GetRawInputData
IntersectRect
IsRectEmpty
TrackMouseEvent
ReleaseCapture
PtInRect
DefWindowProcW
UnionRect
EqualRect
OffsetRect
EnumDisplayMonitors
MonitorFromRect
SendInput
GetWindowLongPtrW
DrawTextW
CallWindowProcW
GetWindowLongW
SetWindowLongW
GetIconInfo
GetParent
AdjustWindowRect
MessageBoxW
GetWindow
GetDlgCtrlID
SetFocus
DialogBoxParamW
CreateDialogIndirectParamW
CreateDialogParamW
GetNextDlgGroupItem
GetNextDlgTabItem
GetClassNameW
IsDialogMessageW
EndDialog
SetWindowRgn
EnumChildWindows
MapWindowPoints
GetWindowTextW
IsWindowEnabled
DrawEdge
GetProcessDefaultLayout
LoadIconW
SystemParametersInfoW
SetWindowTextW
EnableWindow
TrackPopupMenu
LoadMenuW
IsDlgButtonChecked
CheckDlgButton
LoadStringW
GetDlgItem
ShowWindow
GetMenu
SetWindowsHookExW
SetMenu
EnableMenuItem
PostQuitMessage
CreateWindowExW
UnregisterClassA
CallNextHookEx

msvcrt

strncmp
wcstoul
_vscwprintf
_errno
memmove
wcscspn
wcsspn
qsort
?_set_new_mode@@YAHH@Z
_wcsnicmp
floorf
ceilf
logf
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
_vsnwprintf_s
powf
__CxxFrameHandler3
cosf
atanf
memmove_s
_wcstoui64
wcstod
memset
sinf
atan2f
acosf
memcmp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_callnewh
malloc
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_localtime64_s
wcstol
_snwprintf_s
wcsncmp
_wcsicmp
wcschr
wcscpy_s
time
wcscat_s
clock
srand
swprintf_s
_time64
_purecall
_wtoi
wcsncpy_s
realloc
free
rand
_finite
_strdup
setlocale
iswalpha
iswspace
iswpunct
iswdigit
memcpy
sqrtf

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WinSqmIncrementDWORD
WinSqmAddToStream

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

shell32

SHGetFolderPathEx
SHGetFolderPathW
SHSetLocalizedName
ShellAboutW
CommandLineToArgvW
ShellExecuteW

advapi32

GetUserNameW

gdi32

GetStockObject
ExtTextOutA
SetTextAlign
GetTextMetricsA
CreateFontW
DeleteObject
SelectObject
CreateFontIndirectW
GetDeviceCaps
RemoveFontResourceW
AddFontResourceW
CreateRoundRectRgn
GetObjectA
GetTextColor
GetBkColor
Rectangle
CreatePen
DeleteDC
RestoreDC
SaveDC
PatBlt
ExcludeClipRect
BitBlt
CreateBitmap
CreateCompatibleDC
ExtTextOutW
GetTextExtentPoint32W
SetBkMode
SetBkColor
SetTextColor
CreateSolidBrush
MoveToEx
GetTextMetricsW
GetGlyphOutlineA
GetCharacterPlacementW
CreateDIBSection
CreateFontIndirectA
GetFontLanguageInfo
SetMapMode
GetCharacterPlacementA
GetObjectW

oleaut32

SysStringLen
SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

PathCombineW
PathFileExistsW

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

gdiplus

GdipImageRotateFlip
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDeleteRegion
GdipCreateRegionHrgn
GdipSetClipRegion
GdipSetClipRectI
GdipDrawImageRectRectI
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawString
GdipDrawImageRectI
GdipDeleteFont
GdipLoadImageFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipCreateLineBrushFromRectI
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipSetStringFormatHotkeyPrefix
GdipCreateFromHDC
GdipGetDC
GdipReleaseDC
GdipDrawLineI
GdipDrawRectangle
GdipDrawRectangleI
GdipFillRectangleI
GdipFillRegion
GdipMeasureString
GdipDrawImagePointRectI

secur32

GetUserNameExW

d3d9

Direct3DCreate9

dsound

ord11

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime

oleacc

LresultFromObject
CreateStdAccessibleProxyW
AccessibleChildren
AccessibleObjectFromWindow

xinput9_1_0

XInputGetState

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

slc

SLGetWindowsInformationDWORD

usp10

ScriptBreak
ScriptItemize

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c85b8b25f3e08babb59345a84a6e4911

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

ntdll

ole32

shell32

advapi32

gdi32

oleaut32

shlwapi

comctl32

gdiplus

secur32

d3d9

dsound

winmm

oleacc

xinput9_1_0

wtsapi32

slc

usp10

Sections

.text Size: 675KB - Virtual size: 675KB

.data Size: 36KB - Virtual size: 54KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 675KB - Virtual size: 675KB

.data
Size: 36KB - Virtual size: 54KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 9KB - Virtual size: 8KB