f014f5b34eb8b37c72f17afd68911430[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

f014f5b34eb8b37c72f17afd68911430.zip
Size

7.5MB
MD5

ff0af75d44883c5319e5ed98fd4a45a0
SHA1

11b4587e3802a3accb3bba56c10cb90656200dc3
SHA256

05e4b3fbd211663d158b569a112fe3d1792ba8b7e22a5d0136fad5cacd1f4e0a
SHA512

ef21beacadd38b43ab1feddc5071db5b1a84fcc80741ebb4f27f881923325813b614408130431f24e15b2c05663a6027b60f6962ee7036016e1816b52e3b54af
SSDEEP

196608:BDK1v8zQCPhhtX6IbyOVPsODzS9KLvjoqHv/XkkEBkqH:xKoQ67tX6IbyctzKKTvP/la

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/aa3c446f5ce22468343ffd672d741a601c905843cd6e7bc189ba8002115e0ab8

Files

f014f5b34eb8b37c72f17afd68911430.zip
.zip

Password: infected
aa3c446f5ce22468343ffd672d741a601c905843cd6e7bc189ba8002115e0ab8
.exe windows:4 windows x86 arch:x86

Password: infected

dadb716a092209404a657f8bc2e8f949

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2379
ord2818
ord755
ord470
ord2135
ord818
ord1949
ord4034
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3874
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord1134
ord4853
ord2688
ord6215
ord2086
ord3317
ord4710
ord3996
ord3998
ord6907
ord6007
ord6334
ord4224
ord3286
ord823
ord2915
ord3301
ord858
ord941
ord939
ord535
ord4234
ord2302
ord2370
ord2362
ord2301
ord825
ord324
ord567
ord540
ord860
ord1168
ord1576
ord1146
ord641
ord693
ord616
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord5265
ord3582
ord4424
ord3402
ord5290
ord4398
ord1776
ord6055
ord2578
ord4218
ord2023
ord2411
ord3640
ord3370
ord4402
ord3346
ord2582

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_setmbcp
_strlwr
__CxxFrameHandler
strchr
memcpy
memset
strcpy
strlen
_mbsicmp
_strdup
free
strcmp
atoi
_stricmp
_strnicmp
_acmdln
exit
_XcptFilter
_exit
__dllonexit
rand
_beginthreadex
memmove
_mbscmp
strcat
strrchr
memcmp
strncmp
sprintf
_onexit

kernel32

WaitForSingleObject
CloseHandle
SetLastError
VirtualQuery
VirtualProtect
GetProcAddress
GetLastError
ReadProcessMemory
WriteProcessMemory
LoadLibraryA
GetModuleHandleA
GetLocalTime
OutputDebugStringA
Sleep
PostQueuedCompletionStatus
CreateMutexA
GetCommandLineA
GetWindowsDirectoryA
ProcessIdToSessionId
GetCurrentProcessId
FreeLibrary
OpenProcess
GetStartupInfoA
CreateEventA
SetEvent
ResetEvent
WriteFile
CreateFileA
ReadFile
GetFileSize
GetTickCount
CreateProcessA
MoveFileExA
GetTempFileNameA
CreateDirectoryA
GetTempPathA
GetDriveTypeA
GetLogicalDriveStringsA
FindNextFileA
FindFirstFileA
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
GetSystemInfo
GetCurrentProcess
GetQueuedCompletionStatus
LeaveCriticalSection
TerminateThread
CreateIoCompletionPort
WaitForMultipleObjects
EnterCriticalSection

user32

GetSystemMetrics
GetClientRect
IsIconic
SetTimer
PostMessageA
wsprintfA
EnableWindow
KillTimer
LoadIconA
SendMessageA
DrawIcon

comdlg32

GetSaveFileNameA
CommDlgExtendedError

advapi32

QueryServiceStatus
RegSetValueExA
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateProcessAsUserA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ControlService
StartServiceA
RegDeleteKeyA
RegEnumValueA
DeleteService
OpenSCManagerA
RegOpenKeyExA
CreateServiceA
OpenServiceA
ChangeServiceConfigA
ChangeServiceConfig2A
CloseServiceHandle
RegCreateKeyA
RegQueryValueExA
RegCloseKey

ole32

OleInitialize

oleaut32

VariantInit

dbghelp

ImageDirectoryEntryToData

psapi

GetModuleBaseNameA
EnumProcesses

ws2_32

inet_addr
WSAStartup
WSACleanup
closesocket
htons
WSAGetLastError
WSASocketA
WSAConnect
WSAIoctl
WSASend
WSARecv

mswsock

GetAcceptExSockaddrs
AcceptEx

dnsapi

DnsRecordListFree
DnsQuery_A

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

dadb716a092209404a657f8bc2e8f949

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

comdlg32

advapi32

ole32

oleaut32

dbghelp

psapi

ws2_32

mswsock

dnsapi

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB