781b0287509d01e09e331ca0f1fbe809[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

781b0287509d01e09e331ca0f1fbe809.zip
Size

17KB
MD5

4d74a7fb27ee2c4ea7d9ee56622ae762
SHA1

0823324c63cef80139777d6285cdeec5e7d1301d
SHA256

1497c592c5f0d04db1ce51d1458a7dd0a2d00f31db619d245df3eec7496f934a
SHA512

c4d1ecde6aa97d38f6adebf568a5b123cb975aeed832d99418422723d3c755d88611a562ae34fe4d65c144b452f9e2fed10c6d7ae0d3043478ceaf0494459774
SSDEEP

384:0Hs2TuJi3M5BTIlFqydmIbPTBMK9T10wyeLtFvaO1hpaXcXn:YTCiczklFqpIbPNMnitdaBc3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f1c5931bcebe7798da5d44531a911fa001f0134e6c35009de3fbb14d7eae604b

Files

781b0287509d01e09e331ca0f1fbe809.zip
.zip

Password: infected
f1c5931bcebe7798da5d44531a911fa001f0134e6c35009de3fbb14d7eae604b
.dll windows:4 windows x86 arch:x86

Password: infected

f1daf20a79fe92631bf23f237b815694

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UpdateWindow
UnregisterHotKey
TranslateMessage
ShowWindow
SetWindowTextA
SetTimer
SetForegroundWindow
SetFocus
SetCursorPos
SetClassLongA
wsprintfA
RegisterHotKey
RegisterClassExW
MoveWindow
MessageBoxA
LoadIconA
LoadCursorA
KillTimer
GetWindowTextA
GetWindowRect
GetSystemMetrics
GetMessageA
GetFocus
GetCursorPos
DispatchMessageA
CallWindowProcW
RegisterClassExA
DestroyWindow
DefWindowProcA
CreateWindowExA
ChangeDisplaySettingsA

kernel32

lstrlenA
lstrcmpiA
lstrcatA
WriteFile
WriteConsoleInputA
SystemTimeToFileTime
Sleep
SetSystemPowerState
RtlMoveMemory
ReadFile
OpenMutexA
LoadLibraryA
GlobalFindAtomA
GlobalAddAtomA
GetTickCount
GetSystemTime
GetProcessHeaps
GetModuleHandleA
GetCommandLineA
FlushViewOfFile
ExitThread
ExitProcess
CreateFileA
CloseHandle
Beep
LoadLibraryExA

shell32

ShellAboutA

advapi32

GetSecurityInfo
GetMultipleTrusteeOperationA
GetMultipleTrusteeA
GetLengthSid

gdi32

RemoveFontResourceA
SetTextCharacterExtra
GetWindowExtEx
GetROP2
GetPolyFillMode
GetPixelFormat
GetPixel

ws2_32

socket
setsockopt
recv
connect

ntdll

RtlGetAce
RtlFreeHeap
RtlFreeHandle
NtUnloadKey
NtOpenDirectoryObject
NtCreateTimer
NtCreateNamedPipeFile
NtCancelTimer
NtCallbackReturn

Exports

Exports

waysot

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f1daf20a79fe92631bf23f237b815694

Headers

File Characteristics

Imports

user32

kernel32

shell32

advapi32

gdi32

ws2_32

ntdll

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 9KB - Virtual size: 79KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 79KB

.reloc
Size: 4KB - Virtual size: 4KB