44297b5e67f0ca71f00fdaef8e7bde61[.]zip

General

Target

44297b5e67f0ca71f00fdaef8e7bde61.zip
Size

15KB
MD5

2579a2dfb7b2c9ffd725e4bed3c19edf
SHA1

1931f62c3444d658adbf162f6972655251d248d9
SHA256

5615b7891d16b32ce4b2cb3d0599546ff951c25e7144dbaa7fe5ac4068988041
SHA512

2a90d3951fa5597643f4daa87a9cc1e4a263453abceccd28b08b89f6a5ab53adf707a3642b0a5fc205484ab38b38ac1b8e8b23314c08926d84a4f85ff26f6959
SSDEEP

384:LBSe3HO4k4wDvW6QzErl8js+227Nal/sJZdOUaVN0TmVmOcB6:Vdu4gDz8jt22N+/s1ufc4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b3b9339842edd77bdbb8249d475c76676e7e4193e430255c5ba10a37e4248633

Files

44297b5e67f0ca71f00fdaef8e7bde61.zip
.zip

Password: infected
b3b9339842edd77bdbb8249d475c76676e7e4193e430255c5ba10a37e4248633
.exe windows:4 windows x86 arch:x86

Password: infected

b9422c4ba9077d899879b8a87c63f971

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
wsprintfA

kernel32

FindClose
LCMapStringA
FindFirstFileA
CreateThread
CloseHandle
Sleep
TerminateProcess
Wow64DisableWow64FsRedirection
CreateDirectoryA
MoveFileA
Wow64RevertWow64FsRedirection
GetTempPathA
GetWindowsDirectoryA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
IsWow64Process
GetLastError
VirtualAlloc
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
ReadFile
GetFileSize
CreateFileA
DeleteFileA
WriteFile
GetTickCount
RemoveDirectoryA
FindNextFileA

shell32

ord680

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
DeleteUrlCacheEntry
InternetGetConnectedState
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetOpenA

msvcrt

memmove
_strnicmp
??3@YAXPAX@Z
__CxxFrameHandler
modf
malloc
free
strtod
tolower
rand
srand
sprintf
_ftol
atoi
strncmp

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b9422c4ba9077d899879b8a87c63f971

Headers

File Characteristics

Imports

user32

kernel32

shell32

wininet

msvcrt

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 51KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 51KB