ff3556fcc81946e1a83ab271568bbd36[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ff3556fcc81946e1a83ab271568bbd36.zip
Size

6.9MB
MD5

e0bea42242b1bcc4132438b479bf89bf
SHA1

fe8a85de0569f9d0af0fc64cb975bb9fb8e4c276
SHA256

6e821f80b294536e0508db0fd37feb792c7adfffe6a057930abfd9630f55ac74
SHA512

cb1a68dd82f0d3692665a4e6a3e21f83d0441d25e57c64c2fa74d7f869496d55b51b8551e3ae7d455ebf71bcbdd17557d38f9b254fc7524a7abb56914485b539
SSDEEP

196608:YvilMrVeP1aRH+ruYTw47N0J1NISKDhf0yienLxgZhZ3t+fy7C:YviyrVegN+rlTV7yJHKtf0yiUeR32y7C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/307644b1154391b4f425896da8efd9480fb3dda0f56c633b08c32058f5b469fa

Files

ff3556fcc81946e1a83ab271568bbd36.zip
.zip

Password: infected
307644b1154391b4f425896da8efd9480fb3dda0f56c633b08c32058f5b469fa
.exe windows:5 windows x86 arch:x86

Password: infected

3cd0350cb20713093b4eb51a8785dabd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hesisuficuti39\poxeti\ficoveroput39_fabejaka72_reja.pdb

Imports

kernel32

LoadResource
UpdateResourceA
InterlockedIncrement
GetEnvironmentStringsW
SetEvent
OpenSemaphoreA
GetSystemTimeAsFileTime
GetCommandLineA
WriteFileGather
CreateActCtxW
EnumResourceTypesA
GlobalAlloc
LeaveCriticalSection
GetFileAttributesA
FindNextVolumeW
ReadFile
GetLocaleInfoA
GetDevicePowerState
GetProcAddress
HeapSize
VerLanguageNameA
RemoveDirectoryA
FreeUserPhysicalPages
GlobalGetAtomNameA
PrepareTape
WriteConsoleA
GetProcessId
WaitForMultipleObjects
GetModuleFileNameA
GetModuleHandleA
ReleaseMutex
EndUpdateResourceA
FindFirstVolumeW
AddConsoleAliasA
lstrcpyW
HeapReAlloc
HeapAlloc
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetLastError
SetFilePointer
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CloseHandle
CreateFileA

user32

GetCursorPos

gdi32

GetCharWidthFloatA

advapi32

DeregisterEventSource

Exports

Exports

@SetFirstEverVice@8

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.0MB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3cd0350cb20713093b4eb51a8785dabd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 83KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 533KB

.rsrc Size: 10.0MB - Virtual size: 49KB

.text
Size: 83KB - Virtual size: 83KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 533KB

.rsrc
Size: 10.0MB - Virtual size: 49KB