b8cf83e5765ca7a69db24f4fd351111c[.]zip

General

Target

b8cf83e5765ca7a69db24f4fd351111c.zip
Size

4.3MB
MD5

d7ef9157234a1a439034bb28670243c6
SHA1

151330bcdedd3d31fd9e954e78c57d7c0c4554b9
SHA256

0345a01857e261d7f680280830927571a256dd085dd27a494dc3b86b4764499d
SHA512

6cc41e613105408a01fa75ab9ab602c9a3366e47f0c275882b65bcc6d559f8f5a5b3266c10e0bf14f8e554a9a0d04ff30ffc5aedcbcff01e6865c27571616cee
SSDEEP

98304:E5aOPey6FXwMbCCxGOsd+AUBgwTBxvc8tFqJyId8ayNT:8P5SXtbbAOcZYXUbd8L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f10e5999d6897c0cdabba50d5d8290c50ccddf8490731cba786075fe2b1c631b

Files

b8cf83e5765ca7a69db24f4fd351111c.zip
.zip

Password: infected
f10e5999d6897c0cdabba50d5d8290c50ccddf8490731cba786075fe2b1c631b
.exe windows:6 windows x86 arch:x86

908bea7ee71339f1c35ba419da3ba679

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

wtsapi32

WTSSendMessageW

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.45qbwrJ
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.45qbwrJ
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

908bea7ee71339f1c35ba419da3ba679

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wtsapi32

Sections

.text Size: 136KB - Virtual size: 135KB

.JqjbwEJ Size: 3KB - Virtual size: 3KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 7KB

.45qbwrJ Size: 2.6MB - Virtual size: 2.6MB

.45qbwrJ Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 136KB - Virtual size: 135KB

.JqjbwEJ
Size: 3KB - Virtual size: 3KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 7KB

.45qbwrJ
Size: 2.6MB - Virtual size: 2.6MB

.45qbwrJ
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB