5b09bc4accb52585f2d83883a37d57d2[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

5b09bc4accb52585f2d83883a37d57d2.zip
Size

282KB
MD5

f13942f76ef908239f686c54fbf7002f
SHA1

18e83d69ffd818b0c758e8742701140f5edcd577
SHA256

759a36d94877eaa0d5d55cb6ad24285fce3ca4e741817ba181c2d74cfc5023c6
SHA512

a422ab05fe7e9651dee0e5904308ee75aa2b5122024972ee0a0d38a663b7b00dfd85ce99fc35c9569ec48606c142d9cadbbc7909f13ad7123ecebb2c6c0dc20a
SSDEEP

6144:Jwhpfov0TfM9O0XzA7JyAAa5D3M5KC/M13htWzJHdESd9v:if6a5TM5KC/IhI9ESLv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6956a61898fe7bf923cd2eab26dbe5a408dc11d4ab5c9fe2041603b2bb8bf572

Files

5b09bc4accb52585f2d83883a37d57d2.zip
.zip

Password: infected
6956a61898fe7bf923cd2eab26dbe5a408dc11d4ab5c9fe2041603b2bb8bf572
.exe windows:10 windows x64 arch:x64

Password: infected

4c9b51ec0bbedefc3b06549b56180167

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

xbgmsvc.pdb

Imports

msvcrt

_CxxThrowException
?terminate@@YAXXZ
_lock
__C_specific_handler
_fmode
_initterm
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
__setusermatherr
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
memcpy
??0exception@@QEAA@XZ
_XcptFilter
??1exception@@UEAA@XZ
_purecall
_unlock
??3@YAXPEAX@Z
memcpy_s
memmove
_cexit
_commode
__dllonexit
_exit
_onexit
_vsnwprintf
??1type_info@@UEAA@XZ
_amsg_exit
exit
__set_app_type
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBDH@Z
??_V@YAXPEAX@Z
__wgetmainargs
memset

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleFileNameA
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
ReleaseMutex
CreateMutexExW
EnterCriticalSection
OpenSemaphoreW
ReleaseSemaphore
WaitForSingleObjectEx
CreateSemaphoreExW

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

ntdll

NtQuerySystemInformation

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAddFunctionTable

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy
SetProcessMitigationPolicy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileSizeEx
WriteFile
ReadFile
CreateFileW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 396KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4c9b51ec0bbedefc3b06549b56180167

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-memory-l1-1-0

ntdll

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 396KB - Virtual size: 1.1MB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 396KB - Virtual size: 1.1MB