284cd2be911cdb982d30d53226a860a0[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

284cd2be911cdb982d30d53226a860a0.zip
Size

636KB
MD5

b2be6ed3d1d82cae32332bdc9df01cac
SHA1

a38bef3395755b56dfb0a49122c80acce99288c2
SHA256

f8d46f1b5de78fac5fd7b97a4313eb5bee7971b66160ae8ff84eb1b8db65ec22
SHA512

a8c73317a1e8bf51460a9cb1221633982738090ad4e2ccbc04914be7bf74b19391ee9076162fbfc12d420b4ab03fddd422c34d4b214dbca2baff7cd11124ff28
SSDEEP

12288:HdepJ3uYuYGbDCVLbZQezDvtQInqLF+UhgNe6Fpbbdo:HUpJ+YuYq2L2ezDlQdb4Fpfi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6203eafa8e71fe1e258e9e709bc73c131ec69badd9abb6492125d695780eadc3

Files

284cd2be911cdb982d30d53226a860a0.zip
.zip

Password: infected
6203eafa8e71fe1e258e9e709bc73c131ec69badd9abb6492125d695780eadc3
.exe windows:10 windows x64 arch:x64

Password: infected

864081dec9a74e927ec2d63ecd983a39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SearchIndexer.pdb

Imports

msvcrt

??0bad_cast@@QEAA@AEBV0@@Z
iswspace
wcscpy_s
wcsncpy_s
__C_specific_handler
calloc
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
??1bad_cast@@UEAA@XZ
??0bad_cast@@QEAA@PEBD@Z
_CxxThrowException
wcstok
memcpy
toupper
__CxxFrameHandler3
wcsncmp
_XcptFilter
setlocale
wcschr
memset
___lc_collate_cp_func
strchr
_amsg_exit
wcscat_s
_wtol
___mb_cur_max_func
towupper
___lc_handle_func
iswxdigit
swscanf
_vscwprintf
malloc
__getmainargs
__set_app_type
exit
_exit
strncmp
_cexit
_wcsnicmp
free
wcsstr
_ismbblead
__setusermatherr
_initterm
bsearch
___lc_codepage_func
_free_locale
_get_current_locale
__crtLCMapStringW
_acmdln
_fmode
__crtCompareStringW
_commode
_wcsdup
?terminate@@YAXXZ
_set_errno
_get_errno
vswprintf_s
_wcsicmp
_lock
_unlock
abort
qsort
wcspbrk
_wcslwr_s
memcmp
realloc
_errno
__pctype_func
??1type_info@@UEAA@XZ
_onexit
memmove
wcstol
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
memcpy_s
_vsnwprintf
__dllonexit
wcscmp

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadStringW
LoadResource
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
FindStringOrdinal
SizeofResource
LockResource
FindResourceExW
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary

api-ms-win-core-file-l1-1-0

GetFileTime
FindClose
FindFirstFileW
FindFirstVolumeW
FindVolumeClose
GetVolumeInformationW
FindFirstFileExW
SetFileAttributesW
CreateDirectoryW
GetFileAttributesExW
FindNextVolumeW
GetFileAttributesW
GetDriveTypeW
CreateFileW
GetLogicalDrives
CompareFileTime
FindNextFileW
DeleteFileW
SetFileTime
RemoveDirectoryW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeAllConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
InitOnceInitialize

api-ms-win-core-synch-l1-1-0

ReleaseMutex
AcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexW
InitializeCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
CreateEventW
SetEvent
OpenSemaphoreW
ReleaseSemaphore
ReleaseSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
EnterCriticalSection
CreateSemaphoreExW
InitializeCriticalSectionEx
DeleteCriticalSection
OpenEventW
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapSize
HeapFree
HeapReAlloc
GetProcessHeap
HeapDestroy
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter
SetErrorMode

api-ms-win-core-com-l1-1-0

CoMarshalInterface
PropVariantClear
CoCreateFreeThreadedMarshaler
IIDFromString
CLSIDFromString
CoInitializeSecurity
CoTaskMemRealloc
CoRevertToSelf
CoTaskMemAlloc
CoImpersonateClient
CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoGetMalloc
CoRegisterClassObject
CoRevokeClassObject
StringFromGUID2

api-ms-win-core-io-l1-1-0

DeviceIoControl

ntdll

RtlGetPersistedStateLocation
RtlIsStateSeparationEnabled
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtOpenFile
RtlNtStatusToDosError
RtlInitUnicodeString
RtlGetDeviceFamilyInfoEnum
RtlQueryPackageClaims

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsAlloc
GetStartupInfoW
GetCurrentProcess
SetPriorityClass
GetCurrentThreadId
GetCurrentThread
OpenProcessToken
CreateThread
TerminateProcess
OpenThreadToken
GetCurrentProcessId

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteValueW
RegCloseKey
RegGetKeySecurity
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteTreeW
RegQueryValueExW
RegEnumValueW
RegDeleteKeyExW
RegOpenKeyExW
RegCreateKeyExW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW
ResolveLocaleName
LCMapStringW
GetSystemPreferredUILanguages
GetNLSVersionEx
GetSystemDefaultLCID
LocaleNameToLCID

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SafeArrayGetElement
SafeArrayDestroy
SysStringLen
VarBstrCat
SysAllocStringByteLen
SafeArrayGetUBound
SysStringByteLen
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA
DebugBreak

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCanonicalizeW
PathIsRootW
PathSkipRootW
PathFileExistsW
PathAppendW
PathIsUNCW
PathIsUNCServerShareW
PathIsUNCServerW
PathRemoveBackslashW
PathStripToRootW
PathFindNextComponentW
PathAddBackslashW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW
CompareStringOrdinal
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
SearchPathW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-eventing-provider-l1-1-0

EventEnabled
EventWriteTransfer
EventRegister
EventProviderEnabled
EventSetInformation
EventActivityIdControl
EventUnregister

api-ms-win-shcore-registry-l1-1-0

SHSetValueW
SHGetValueW
SHCopyKeyW
SHDeleteKeyW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetVersionExW
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GetSystemDirectoryW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-processthreads-l1-1-1

SetProcessMitigationPolicy
OpenProcess

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenSCManagerW
OpenServiceW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

tquery

ciNewNoThrow
ciDelete
ciNew

shcore

SHStrDupW
ord1

mssrch

??1CSearchServiceObj@@QEAA@XZ
??0CSearchServiceObj@@QEAA@XZ
?GetFileChangeClientManagerInstance@@YA?AV?$shared_ptr@UIFileChangeClientManager@ChangeTracking@Windows@@@std@@XZ
?Cleanup@CSearchServiceObj@@SAXXZ

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNICW
StrStrIW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
MoveFileW

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

864081dec9a74e927ec2d63ecd983a39

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-io-l1-1-0

ntdll

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-l1-2-0

oleaut32

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-service-management-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-apiquery-l1-1-0

tquery

shcore

mssrch

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

rpcrt4

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-psapi-l1-1-0

Sections

.text Size: 548KB - Virtual size: 547KB

.rdata Size: 232KB - Virtual size: 231KB

.text
Size: 548KB - Virtual size: 547KB

.rdata
Size: 232KB - Virtual size: 231KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 35KB - Virtual size: 35KB

.didat
Size: 1024B - Virtual size: 752B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 404KB - Virtual size: 1.1MB