ImgConvert
Static task: static1
Behavioral task: behavioral1
  Sample: 37365d2413fcc790064f20fb64b5793d0c17165ac5facf2fff4046de2c30059c.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 37365d2413fcc790064f20fb64b5793d0c17165ac5facf2fff4046de2c30059c.dll
  Resource: win10v2004-20240802-en
General
- Target: 399aa88a3ee9471c7c6a428b13994636.zip
- Size: 1.4MB
- MD5: da8a5890b1150d674e67e7f93c1c9318
- SHA1: f5f8bd2cd54da74faa1d1a3995f86b46e9b8fb1e
- SHA256: 838f58863c52d669888483f404222567e91538d9f6fcc27616c0d084dc44dc82
- SHA512: a734450327d1096fd3262cb4bf4708d7bac205eefb755a9c20a1b1d18fe5fadf4f1b2edef6dd230d34ce486ad90abbd715630dd1a867bb2beff32ed489709b92
- SSDEEP: 24576:VT/1Y9xKfrxcwP3A7wgBOPFQ0Kv6/MKHs4dtRguDb+uETf74qWtxJ8ZsHefgzEUl:VT+9Cr6wY0gkPK0KWN12uDb3Uf7ctxys
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: unpack001/37365d2413fcc790064f20fb64b5793d0c17165ac5facf2fff4046de2c30059c
Files
-
399aa88a3ee9471c7c6a428b13994636.zip.zip
-
37365d2413fcc790064f20fb64b5793d0c17165ac5facf2fff4046de2c30059c.dll windows:6 windows x86 arch:x86
47d186778bc9d198554e460e0d3becb7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CloseHandle
HeapAlloc
QueueUserAPC
LocalFree
GetFileSize
DeleteCriticalSection
VerSetConditionMask
GetProcessHeap
WideCharToMultiByte
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
CreateSemaphoreA
CreateEventA
CreateIoCompletionPort
WaitForSingleObjectEx
TerminateThread
DisableThreadLibraryCalls
SetEvent
CreateFileA
GetLastError
FormatMessageW
Sleep
MultiByteToWideChar
CreateEventW
PostQueuedCompletionStatus
GetModuleHandleA
DuplicateHandle
WaitForSingleObject
GetQueuedCompletionStatus
LeaveCriticalSection
SetEndOfFile
DeleteFileW
MoveFileExA
DeviceIoControl
RemoveDirectoryA
GetFileAttributesExA
GetFileAttributesA
CreateDirectoryA
ReadConsoleA
SetConsoleMode
LoadLibraryW
LoadLibraryA
ConvertThreadToFiber
ConvertFiberToThread
GetEnvironmentVariableW
FindFirstFileW
CreateFiber
DeleteFiber
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
WaitForMultipleObjectsEx
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
ResumeThread
GetProcAddress
CreateWaitableTimerA
InitializeCriticalSection
LoadLibraryExA
GetSystemTime
SystemTimeToFileTime
RaiseException
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
WriteConsoleW
OutputDebugStringW
WaitForMultipleObjects
ReleaseSemaphore
SwitchToFiber
TlsAlloc
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
TlsSetValue
SetWaitableTimer
ReadFile
ws2_32
WSAGetLastError
socket
send
recv
WSACleanup
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
setsockopt
ntohl
listen
WSASetLastError
WSAStringToAddressW
WSASocketW
WSAStartup
getsockname
connect
WSARecv
getsockopt
htonl
htons
ioctlsocket
gethostbyname
secur32
FreeContextBuffer
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
advapi32
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
GetUserNameA
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptAcquireContextA
shell32
SHGetFolderPathA
crypt32
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
bcrypt
BCryptGenRandom
user32
GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
Exports
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 635KB - Virtual size: 634KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 62KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ