f41ebed236f3933da279048eea3db158[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

f41ebed236f3933da279048eea3db158.zip
Size

92KB
MD5

ef535693bc9c5ff88d921f6072787447
SHA1

72c3757b13f6adead6388e8754f6a8d89d6cf59c
SHA256

2b2284b1f260a7b86700cc13605320db036b158d0869732032e598bbd0fbe2ab
SHA512

2711d6cbcb0ef202461734f9b30825afdba4c33da9b2bf5793503ba468f3e356db4cceb9f2a106c1c9833b75629ad056a21b0375913bcf857ca7b1dac8ceceab
SSDEEP

1536:k3OwBENWnWHiLyDb/ePgFaInHImdfcBMd1B0bgEvDCLic8KdfErvqZi8HKCfH:KOkUWWCLy/Zowf7d1B0bfmLiocrvlQK+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/60637a74e7ca95f5565d9f7868bcdac602dd532484bec37fcd10344179cc61e4

Files

f41ebed236f3933da279048eea3db158.zip
.zip

Password: infected
60637a74e7ca95f5565d9f7868bcdac602dd532484bec37fcd10344179cc61e4
.exe windows:5 windows x86 arch:x86

Password: infected

bf379a12da2ca23c0bd854f9a445098c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
HeapReAlloc
RtlUnwind
GetCommandLineA
GetStartupInfoA
RaiseException
ExitProcess
HeapSize
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleW
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
MulDiv
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GlobalAlloc
lstrlenA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
GetLastError
SetLastError
MultiByteToWideChar
lstrcmpW
GetModuleHandleA
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
HeapAlloc
GetProcessHeap
HeapFree
IsBadReadPtr
VirtualFree
VirtualProtect
GetFileAttributesA
DeleteFileA
LoadLibraryA
GetProcAddress
WriteFile
FreeLibrary
CreateFileA
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
lstrcpyA
GetEnvironmentStringsW
Sleep

user32

LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
LoadBitmapA
ModifyMenuA
GetMenuState
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
EnableWindow
SendMessageA
UpdateWindow
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
UnregisterClassA
GetMenuCheckMarkDimensions
IsIconic
GetClientRect
LoadIconA
GetSystemMetrics
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetWindowRect
GetWindowPlacement
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
EnableMenuItem

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

eic

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

111
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

bf379a12da2ca23c0bd854f9a445098c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

111 Size: 3KB - Virtual size: 2KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 10KB - Virtual size: 24KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 128KB - Virtual size: 127KB

111
Size: 3KB - Virtual size: 2KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 10KB - Virtual size: 24KB

.rsrc
Size: 13KB - Virtual size: 12KB