binaries[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

binaries.zip
Size

68KB
MD5

e174ebdc6ee9686bee70d1f7aab009de
SHA1

88b2c7e8ec526908d257d975b8c0e1b6ff58d9e3
SHA256

ef91340664e32bbbd4d201cca86f9c734cb4f83c6ad6d17c46efdafb3982c790
SHA512

594522d54251c4c8580d1bfcb9dc4dcd53b529a033856d9e338feccb87ab252b57083151093699136e152fdd48144b4f1e378e8daa01fada780de8302d6e5467
SSDEEP

1536:p0vhKg7h5ESFAp1A0/91BMfjrS8uCZAQ+Zud3PJ2q7uJqB:pM775FAp1AeurW8XGhZqJoG

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4659dadbf5b07c8c3c36ae941f71b631737631bc3fded2fe2af250ceba98959a
unpack001/5b7c970fee7ebe08d50665f278d47d0e34c04acc19a91838de6a3fc63a8e5630
unpack001/ae086350239380f56470c19d6a200f7d251c7422c7bc5ce74730ee8bab8e6283

Files

binaries.zip
.zip

Password: infected
4659dadbf5b07c8c3c36ae941f71b631737631bc3fded2fe2af250ceba98959a
.exe windows:4 windows x86 arch:x86

aab0b4b819af30b63a6352a276e87d83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
DeleteFileA
RemoveDirectoryA
MoveFileA
GetFileSizeEx
FlushFileBuffers
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
GetCurrentProcess
WaitForSingleObject
CreateProcessA
Process32Next
Module32Next
Module32First
OpenProcess
GetFileAttributesA
CreateToolhelp32Snapshot
WriteProcessMemory
ReadProcessMemory
VirtualProtectEx
LeaveCriticalSection
EnterCriticalSection
GetTempFileNameA
GetTempPathA
FileTimeToSystemTime
ExitProcess
GetModuleFileNameA
GlobalFree
GlobalAlloc
DeleteCriticalSection
CreateThread
InitializeCriticalSection
IsBadReadPtr
Sleep
GetLastError
SetFilePointer
WriteFile
CreateFileA
GetFileSize
LocalAlloc
ReadFile
LocalFree
CloseHandle
GetWindowsDirectoryA
CreateDirectoryA
Process32First
GetLocalTime

winspool.drv

OpenPrinterA
SetPrinterA
ClosePrinter
EnumJobsA

advapi32

OpenServiceA
DeleteService
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle

shell32

StrStrIA

shlwapi

PathMatchSpecA
StrTrimA

wininet

HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

msvcp60

?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xran@std@@YAXXZ

msvcrt

malloc
__dllonexit
strstr
_onexit
_exit
_XcptFilter
exit
__p___initenv
_controlfp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_except_handler3
__set_app_type
__p__fmode
strncat
__p__commode
fclose
fprintf
fopen
_vsnprintf
_makepath
sprintf
free
strrchr
_strdup
rand
_splitpath
_snprintf
calloc
strchr
sscanf
isdigit
??2@YAPAXI@Z
__CxxFrameHandler
strncpy
strtol
_stricmp
_strnicmp
_access
atoi
time
printf
memmove

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5b7c970fee7ebe08d50665f278d47d0e34c04acc19a91838de6a3fc63a8e5630
.exe windows:4 windows x86 arch:x86

2dafaea57423329bc9820317586634be

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
LocalAlloc
GetFileSize
CreateFileA
WriteFile
SetFilePointer
GetLastError
Sleep
GetFileAttributesA
lstrlenA
DeleteFileA
LocalFree
MoveFileA
GetFileSizeEx
FlushFileBuffers
CopyFileA
ExitProcess
CloseHandle
GetWindowsDirectoryA
CreateDirectoryA
RemoveDirectoryA
GetLocalTime
GetStartupInfoA
GetModuleHandleA

shell32

StrStrIA

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

__p___argc
_strnicmp
fclose
fprintf
fopen
_vsnprintf
_makepath
sprintf
free
strrchr
_strdup
rand
_splitpath
strchr
__CxxFrameHandler
strtol
strncpy
_stricmp
__p___argv
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ae086350239380f56470c19d6a200f7d251c7422c7bc5ce74730ee8bab8e6283
.exe windows:4 windows x86 arch:x86

fa3de2641e7cfe8e6174617228cdb1c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
SetFilePointer
GetLastError
Sleep
GetFileAttributesA
lstrlenA
DeleteFileA
RemoveDirectoryA
GetFileSizeEx
FlushFileBuffers
CreateProcessA
lstrcatA
GetTempPathA
GetModuleFileNameA
CloseHandle
MoveFileA
GetModuleHandleA
GetStartupInfoA

msvcrt

sprintf
strrchr
rand
__p___argc
__p___argv
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b07b37f0246bd436addbe5d702b12485d7bc8a9ef1475b54bff513a18e68fef7

Sharing

General

Malware Config

Signatures

Files

Password: infected

aab0b4b819af30b63a6352a276e87d83

Headers

File Characteristics

Imports

kernel32

winspool.drv

advapi32

shell32

shlwapi

wininet

msvcp60

msvcrt

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 41KB

2dafaea57423329bc9820317586634be

Headers

File Characteristics

Imports

kernel32

shell32

msvcp60

msvcrt

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 37KB

fa3de2641e7cfe8e6174617228cdb1c5

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 4KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 998B

.data Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 41KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 37KB

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 998B

.data
Size: 4KB - Virtual size: 4KB