1d4388271e7fd7e572c39e200435fd71[.]zip

General

Target

1d4388271e7fd7e572c39e200435fd71.zip
Size

113KB
MD5

5f5a96e50ca714f866e2ecddc65024e3
SHA1

4b454f1863f8ea9c03d513f67183651d3afca56a
SHA256

f981a4d53016764b1bcfe3af51f6fae3b9c14defd9c75ab6fbebf2572b95aec9
SHA512

d598f515ba88de9e7d2dee9401f548ae0aa98f36c5be1d74178eaeca65ce6b9224bb87a4caf8ae48fd26548f1005e1dba1d02b57ecbe37cde2f850656e1734e6
SSDEEP

3072:jZVla/mmnCUfiL5EgUyYiMkRJhGvpddRQBf2t2:jzldmTfQTLMkRvGvp3RaQ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ab0734706fe0171a2f8db0c9c8fbe43ac816c8ea37a4512ad05b9238f1639f14

Files

1d4388271e7fd7e572c39e200435fd71.zip
.zip

Password: infected
ab0734706fe0171a2f8db0c9c8fbe43ac816c8ea37a4512ad05b9238f1639f14
.exe windows:1 windows x86 arch:x86

Password: infected

42db3a9eec38e38518b0e27d21bdf33d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetModuleHandleA
GetProcAddress
CloseHandle
RtlUnwind
GetStartupInfoA
lstrlenA
LoadLibraryA
GetModuleHandleA
GetProcAddress

crtdll

__GetMainArgs
exit
raise
signal

user32

GetDlgItemInt
SetTimer
KillTimer
LoadIconA
ShowWindow
LoadStringA
SendMessageA
GetDlgItem
wsprintfA
MessageBoxA
ReleaseDC
GetDC
GetSystemMetrics
InvalidateRect
EndPaint
BeginPaint
LoadCursorA
PostMessageA
PostQuitMessage
DialogBoxParamA
EndDialog
DispatchMessageA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.MPRESS1
Size: 142KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SCY
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

42db3a9eec38e38518b0e27d21bdf33d

Headers

File Characteristics

Imports

iphlpapi

kernel32

crtdll

user32

advapi32

Sections

.MPRESS1 Size: 142KB - Virtual size: 148KB

.MPRESS2 Size: 3KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.SCY Size: 1024B - Virtual size: 4KB

.MPRESS1
Size: 142KB - Virtual size: 148KB

.MPRESS2
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.SCY
Size: 1024B - Virtual size: 4KB