88935725dfb99bb46783bb09025d8e07[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

88935725dfb99bb46783bb09025d8e07.zip
Size

33KB
MD5

d6d32f4d207464eca9c341aa9298449c
SHA1

d9036ec47c5649fe1d3ff70f1da3d094d6e7c70d
SHA256

6c3a42ab737d0ba74a3e2673647fdd992d1410d60f56d515bc390d52032ca3de
SHA512

a406f60420d4d3dec22488914a899be5e291416e414bf3d78a27e96c25500793a2ecd6605d98bc2a0330631eb692bc2b3519526fa7fda7c50af43585d0ebbfa6
SSDEEP

768:I0JUhkd9KUoQvhIqxVCbDWdRpMh3vwYVFOSL3ei:IthkdYUdvNLhvK/wYVFvb5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9d4e24c59f4e93bf674fb62f0489d6d8d254ba2ddf8ff4504ed6514c3c88f2d7

Files

88935725dfb99bb46783bb09025d8e07.zip
.zip

Password: infected
9d4e24c59f4e93bf674fb62f0489d6d8d254ba2ddf8ff4504ed6514c3c88f2d7
.dll windows:6 windows x86 arch:x86

Password: infected

982bd4d46d5a2d3d5e67fe63488f0405

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
VirtualProtect
ExitThread
GetModuleHandleA
LoadLibraryA
CloseHandle
CreateThread
GetProcAddress
GetModuleHandleW
SetLastError
GetLastError
AreFileApisANSI
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess

msvcp140

?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
_Cnd_signal
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Throw_Cpp_error@std@@YAXH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
_Mtx_unlock
_Cnd_init
_Mtx_destroy
_Xtime_get_ticks
_Thrd_detach
_Thrd_start
_Mtx_init
_Cnd_wait
_Thrd_sleep
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_lock
?_Syserror_map@std@@YAPBDH@Z
?_Xlength_error@std@@YAXPBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Throw_C_error@std@@YAXH@Z
?_Winerror_map@std@@YAHH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_message@std@@YAKKPADK@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

vcruntime140

_except_handler4_common
_CxxThrowException
memset
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
__std_terminate
__CxxFrameHandler3
memcpy
memchr
memmove

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_register_onexit_function
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
terminate
_cexit
_initterm
_initterm_e
_configure_narrow_argv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

982bd4d46d5a2d3d5e67fe63488f0405

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB