ff4ead85d03c52f368ba833d9dc58d01[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ff4ead85d03c52f368ba833d9dc58d01.zip
Size

295KB
MD5

369b37f9875c6503cf293254bdc412c3
SHA1

dffd3192a121c33d235048eee3cf78d91191cea9
SHA256

81e648dcf51f067dae3a582ff5819a872f6a86791c3b6e910c3246b4497b1d47
SHA512

c6afa3e7f4dd359b5b506f2b81f568a793d56083ea748e33db95ea71cb188f60b1d5bc283e45a760cb05856fa3881aae08f6a177de42d6e7c3f4bbc166fa8221
SSDEEP

6144:/FuJ3L45xk73dJsxSo8sPalS2vVukg1LvLuevU7uWSoK70IGyRR:tKU5xk73dLo8oOSeo1LvLuesKWWQkRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2dff68623defa4edb64b514ec769e9ff3448b3ae1c0768e784cd305bfce2f91c

Files

ff4ead85d03c52f368ba833d9dc58d01.zip
.zip

Password: infected
2dff68623defa4edb64b514ec769e9ff3448b3ae1c0768e784cd305bfce2f91c
.dll windows:4 windows x64 arch:x64

Password: infected

f7d8d90ab54224232700ea66b03425f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ntdll

__chkstk

shlwapi

StrStrIW

winmm

mciSendStringA
waveInGetDevCapsA
mciSendStringW
midiOutReset
waveInGetDevCapsW
midiOutGetDevCapsW
auxGetDevCapsW
waveOutSetPitch
midiInStart

user32

GetTopWindow

advapi32

CopySid

Exports

Exports

IsInteractiveUserSession
QueryActiveSession
QueryUserToken
RegisterUsertokenForNoWinlogon
WTSCloseServer
WTSConnectSessionA
WTSConnectSessionW
WTSCreateListenerA
WTSCreateListenerW
WTSDisconnectSession
WTSEnableChildSessions
WTSEnumerateListenersA
WTSEnumerateListenersW
WTSEnumerateProcessesA
WTSEnumerateProcessesExA
WTSEnumerateProcessesExW
WTSEnumerateProcessesW
WTSEnumerateServersA
WTSEnumerateServersW
WTSEnumerateSessionsA
WTSEnumerateSessionsExA
WTSEnumerateSessionsExW
WTSEnumerateSessionsW
WTSFreeMemory
WTSFreeMemoryExA
WTSFreeMemoryExW
WTSGetChildSessionId
WTSGetListenerSecurityA
WTSGetListenerSecurityW
WTSIsChildSessionsEnabled
WTSLogoffSession
WTSOpenServerA
WTSOpenServerExA
WTSOpenServerExW
WTSOpenServerW
WTSQueryListenerConfigA
WTSQueryListenerConfigW
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSQueryUserConfigA
WTSQueryUserConfigW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSRegisterSessionNotificationEx
WTSSendMessageA
WTSSendMessageW
WTSSetListenerSecurityA
WTSSetListenerSecurityW
WTSSetRenderHint
WTSSetSessionInformationA
WTSSetSessionInformationW
WTSSetUserConfigA
WTSSetUserConfigW
WTSShutdownSystem
WTSStartRemoteControlSessionA
WTSStartRemoteControlSessionW
WTSStopRemoteControlSession
WTSTerminateProcess
WTSUnRegisterSessionNotification
WTSUnRegisterSessionNotificationEx
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSVirtualChannelOpenEx
WTSVirtualChannelPurgeInput
WTSVirtualChannelPurgeOutput
WTSVirtualChannelQuery
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSWaitSystemEvent

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pwmi
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uclgtf
Size: 1024B - Virtual size: 735B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kfmznp
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zgjovr
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.odqjc
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lfzq
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lqtezs
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dsjyvz
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpwo
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f7d8d90ab54224232700ea66b03425f4

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shlwapi

winmm

user32

advapi32

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 223KB - Virtual size: 223KB

.data Size: 6KB - Virtual size: 5KB

.pdata Size: 1024B - Virtual size: 540B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.pwmi Size: 2KB - Virtual size: 2KB

.uclgtf Size: 1024B - Virtual size: 735B

.kfmznp Size: 1024B - Virtual size: 1022B

.zgjovr Size: 2KB - Virtual size: 1KB

.odqjc Size: 1024B - Virtual size: 1022B

.lfzq Size: 5KB - Virtual size: 4KB

.lqtezs Size: 1KB - Virtual size: 1KB

.dsjyvz Size: 276KB - Virtual size: 276KB

.orpwo Size: 2KB - Virtual size: 2KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 223KB - Virtual size: 223KB

.data
Size: 6KB - Virtual size: 5KB

.pdata
Size: 1024B - Virtual size: 540B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB

.pwmi
Size: 2KB - Virtual size: 2KB

.uclgtf
Size: 1024B - Virtual size: 735B

.kfmznp
Size: 1024B - Virtual size: 1022B

.zgjovr
Size: 2KB - Virtual size: 1KB

.odqjc
Size: 1024B - Virtual size: 1022B

.lfzq
Size: 5KB - Virtual size: 4KB

.lqtezs
Size: 1KB - Virtual size: 1KB

.dsjyvz
Size: 276KB - Virtual size: 276KB

.orpwo
Size: 2KB - Virtual size: 2KB