85fc255b144ad1bae941cb10f76c562d[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

85fc255b144ad1bae941cb10f76c562d.zip
Size

10.1MB
MD5

f9d7a58c326ca336936f9103a1fc468b
SHA1

51a2cd80179b8996175d5612459928c9868d5347
SHA256

cf8d65c8fcb2a30a77d65c80bb7b64e8b9391367b15ea9a01527af6b17992a49
SHA512

563653e73ca46144ca2d73fcd53983709f0a51cb67f01adfdd8ff3f0edef61548099c39d2d4e7a06515220297d89f35c36850b45621f79c8bbe20948bb91aad6
SSDEEP

196608:8jk/gGOgkfAuQoBk0uussoCeYyYWg6TVSUfDQ7wiope2QYkjRTNsj0F:rgGOdIuQoBkasssDVSuQ7rSVk1O0F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/93c57d1b6044486f8962a08e6ce7c774d54c0dc8fad2da404eb99e451b75b2e9

Files

85fc255b144ad1bae941cb10f76c562d.zip
.zip

Password: infected
93c57d1b6044486f8962a08e6ce7c774d54c0dc8fad2da404eb99e451b75b2e9
.exe windows:5 windows x86 arch:x86

Password: infected

613eed189326e5150348769c0b41fcc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\pekow35\ceyejore93-rigunizuw_lonowapesemuno\pav.pdb

Imports

kernel32

lstrlenA
HeapAlloc
EndUpdateResourceW
ReadConsoleA
GetCurrentProcess
SetEvent
SleepEx
BackupSeek
CreateActCtxW
GetEnvironmentStrings
InitAtomTable
HeapDestroy
GetFileAttributesA
FindNextVolumeW
GetTapePosition
WriteConsoleW
GetModuleFileNameW
ReleaseSemaphore
DeactivateActCtx
InterlockedExchange
GetLastError
GetProcAddress
BeginUpdateResourceW
RemoveDirectoryA
GetProcessVersion
LocalAlloc
CreateIoCompletionPort
GetModuleHandleA
VirtualProtect
SetProcessShutdownParameters
GetCurrentProcessId
FindNextVolumeA
lstrcpyA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapFree
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
CloseHandle
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
Sleep
RtlUnwind
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
MultiByteToWideChar
HeapReAlloc
IsProcessorFeaturePresent
HeapSize
LCMapStringW
GetStringTypeW
CreateFileW

Exports

Exports

@GetFirstVice@8

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sip
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mef
Size: 512B - Virtual size: 23B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 14.6MB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

613eed189326e5150348769c0b41fcc9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 84KB

.sip Size: 1024B - Virtual size: 624B

.mef Size: 512B - Virtual size: 23B

.rsrc Size: 14.6MB - Virtual size: 65KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 84KB

.sip
Size: 1024B - Virtual size: 624B

.mef
Size: 512B - Virtual size: 23B

.rsrc
Size: 14.6MB - Virtual size: 65KB