2df42d2e20e3d91a380fe98845d02b10[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

2df42d2e20e3d91a380fe98845d02b10.zip
Size

597KB
MD5

4398c2d9d7649196a34d4d42abc1e0e5
SHA1

1ee73c2c60dea9e88b1d0f34e3b64ad55a5e6431
SHA256

fbd89e3475759ccc31884bd0d1e4aacd528a6f2ea736511d3ae5a83cc678a0b3
SHA512

976872ac9880d9be85dd80801fec49333b945b782395080291da98556eff198e2eeb60a42185b2c07e53a67b0d3394b98a714be3bf0b02a1357ef95388eada91
SSDEEP

12288:fJQTDXQFv3pXZx5+XhB4W1xd8uN6Yb0oatR49LUKRrQeticgJFU32:2vXQNLx5+hdgYYRLKRrXtb32

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/34e4c5e56024313a23dc1e6df0e742559e378dfe3c47e20cb1d2f739b71ab96d

Files

2df42d2e20e3d91a380fe98845d02b10.zip
.zip

Password: infected
34e4c5e56024313a23dc1e6df0e742559e378dfe3c47e20cb1d2f739b71ab96d
.dll windows:6 windows x86 arch:x86

Password: infected

3792f13601dd22479b848bd54fb9cbd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\281\Some\542_Eat\over\alw\War.pdb

Imports

kernel32

VirtualProtect
WaitForSingleObject
OpenMutexW
LoadLibraryW
CreateProcessW
GetSystemDirectoryW
SetFileAttributesW
SetConsoleOutputCP
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
OutputDebugStringW
GetStringTypeW
HeapReAlloc
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
WriteFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
CreateSemaphoreW
GetModuleHandleW
GetTickCount
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileW

ole32

OleSetContainedObject
OleCreate
OleUninitialize
OleInitialize
StgCreateDocfile
CoSuspendClassObjects
CoUninitialize
CoInitialize

winspool.drv

ResetPrinterW
SetPrinterDataExW
SetFormW
SetPortW
EnumPrinterDriversW
GetPrinterW
EnumPrinterKeyW
PrinterMessageBoxW
GetPrinterDriverW
SetJobW
ScheduleJob
FindClosePrinterChangeNotification
ReadPrinter
SetPrinterDataW
OpenPrinterW
EnumPrintersW

Exports

Exports

Jobhelp
Same
ThanShore

Sections

.text
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

3792f13601dd22479b848bd54fb9cbd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

winspool.drv

Exports

Exports

Sections

.text Size: 652KB - Virtual size: 652KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 69KB - Virtual size: 686KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 652KB - Virtual size: 652KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 69KB - Virtual size: 686KB

.reloc
Size: 9KB - Virtual size: 9KB