MDE_File_Sample_b497285391ebc45b36b951a5c17a7eb451440472[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

MDE_File_Sample_b497285391ebc45b36b951a5c17a7eb451440472.zip
Size

4.3MB
MD5

2bc6e8a5e973d5fbd7723518cc83e78a
SHA1

8fa5e12efcb2fc9a8511d171cb32b290076e0d42
SHA256

0ecf539e5f82fa14a86032626cc77afeb131afff95c75f6be4ee87aaa86ce052
SHA512

55aec20956fabe69e796354f6d9e21289557c8d0eaf3fe0ce811d6133670c02b24ce2e5cb6e8b19ddea2b964dcb488519a182bccecdde4e5a862c0665edb50a9
SSDEEP

98304:Dh5eX8C6OPVS6e22WqH6lOwrWuqcP5beLGA7BE:jQ8aNSoqHWTrWhoBeLr1E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InterDriver.exe

Files

MDE_File_Sample_b497285391ebc45b36b951a5c17a7eb451440472.zip
.zip

Password: infected
InterDriver.exe
.exe windows:4 windows x86 arch:x86

Password: infected

78c751010579c51cdad3f096a3cbcc97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA
FindExecutableA

user32

CharNextA
DefWindowProcA
GetWindowWord
SetWindowWord
BeginPaint
GetSysColor
GetClientRect
SetRect
EndPaint
RegisterClassA
OemToCharBuffA
LoadCursorA
GetLastActivePopup
ShowWindow
PostMessageA
EnableWindow
DestroyWindow
SetWindowTextA
SetForegroundWindow
SetActiveWindow
GetWindowRect
SetTimer
KillTimer
DialogBoxIndirectParamA
GetDlgItemTextA
EndDialog
SendMessageA
GetKeyState
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
InvalidateRect
UpdateWindow
wsprintfA
MessageBoxA
SetCursor
GetSystemMetrics
SetWindowPos

kernel32

CreateDirectoryA
_lclose
_lopen
GlobalUnlock
RtlUnwind
GetCommandLineA
GetModuleHandleA
ExitProcess
GetACP
GetModuleFileNameA
SetErrorMode
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
lstrcmpiA
GetWindowsDirectoryA
GetEnvironmentVariableA
LocalAlloc
LocalFree
GlobalHandle
lstrcpyA
GlobalFree
GlobalAlloc
GlobalLock
WinExec
_llseek
GetDriveTypeA
_lread
_lwrite
GetVolumeInformationA
FindClose
FindFirstFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
lstrlenA
lstrcatA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
_lcreat

gdi32

GetBkColor
SetBkColor
SetTextColor
SetTextAlign
DeleteObject
GetTextExtentPoint32A
ExtTextOutA
CreateDCA
GetDeviceCaps
CreateFontIndirectA
DeleteDC
SelectObject

advapi32

RegQueryValueA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_winzip_
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

78c751010579c51cdad3f096a3cbcc97

Headers

File Characteristics

Imports

shell32

user32

kernel32

gdi32

advapi32

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

_winzip_ Size: 4.3MB - Virtual size: 4.3MB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

_winzip_
Size: 4.3MB - Virtual size: 4.3MB