1325dde468ab134b1d483ad19383e420[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

1325dde468ab134b1d483ad19383e420.zip
Size

1.1MB
MD5

f942071c2bb4e857a8580593b5e40430
SHA1

96e12a7f9dfd347889150b6e37b9b5d4b80644e5
SHA256

d4a18349302db9474ee59afeeb980f717db520bcee6c716b7c1ee3b452731934
SHA512

e0664041dc24f12186d4e89e2757adddf25000abb4a0226b33437de3dc9ac99d1aa45527623e8da62cb7385296bf8aa62c66cfc9ee478d43432fe0824a64f853
SSDEEP

24576:FhX4BREvfhplPjRqebEjcY02Vz5sM01NsF2eetpKfYRDSk2U:b/prIeYjccVlsp1Nsk36Y54U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9445ff6249ff2b1b8ed2705d62a72b9ed6f05ea86fb2aa24952fd5f7934e7e2f

Files

1325dde468ab134b1d483ad19383e420.zip
.zip

Password: infected
9445ff6249ff2b1b8ed2705d62a72b9ed6f05ea86fb2aa24952fd5f7934e7e2f
.exe windows:6 windows x64 arch:x64

Password: infected

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

iexplore.pdb

Imports

advapi32

GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

kernel32

DeleteCriticalSection
ReleaseMutex
CloseHandle
GetWindowsDirectoryW
LocalFree
ExpandEnvironmentStringsW
LoadLibraryW
Sleep
GetLastError
GetSystemDefaultLCID
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultUILanguage
CreateFileMappingW
GetFileTime
HeapSetInformation
IsWow64Process
LocalAlloc
GetProcAddress
SetLastError
VerifyVersionInfoW
lstrlenW
CreateFileW
GetModuleFileNameW
TerminateProcess
GetVersionExW
GetLocaleInfoW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeCriticalSection
RaiseException
LoadLibraryA
GetModuleHandleW
GetCurrentProcess
VerSetConditionMask
SetDllDirectoryW
CreateProcessW
SetErrorMode
GetCommandLineW
GetCurrentDirectoryW

user32

CharNextW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindowVisible
MessageBoxW
FindWindowExW
SendMessageTimeoutW
LoadStringW
IsWindowEnabled

msvcrt

??3@YAXPEAX@Z
_wcsicmp
_wcsnicmp
bsearch
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
memmove
memset
memcpy
??2@YAPEAX_K@Z
_vsnwprintf
iswspace
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wcsncmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shlwapi

SHSetValueW
SHRegGetValueW
PathQuoteSpacesW
PathCombineW
UrlCreateFromPathW
UrlApplySchemeW
SHEnumValueW
StrStrW
PathFindFileNameW
ord158
PathAppendW
SHStrDupW
SHQueryValueExW
PathAddBackslashW
SHGetValueW
PathRemoveFileSpecW
ord154
ord437
UrlCanonicalizeW
ord462
PathIsURLW
ord219
ord172

shell32

ord17
ord16
ord147
SHCreateShellItem
ord152
SHGetDesktopFolder
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx

iertutil

ord650
ord163
ord74
ord85
ord81
ord79
ord58
ord46
ord42
ord32
ord44
ord325
ord9
ord31

urlmon

ord410
ord104
ord111

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

iertutil

urlmon

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 604KB - Virtual size: 604KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 604KB - Virtual size: 604KB

.reloc
Size: 2KB - Virtual size: 1KB