4c1dc33f1e3c43f0491611e49669ede4[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

4c1dc33f1e3c43f0491611e49669ede4.zip
Size

342KB
MD5

4ae403e49892dab8c883db5d30b27508
SHA1

041d44b2389c6e4cb9eb55cf22325947df1e5f19
SHA256

5a6c5650a1d311c254aab05de01d3577cc84ec1b44e71f297a3f7e7196cae57a
SHA512

88274139d135d59de91f3019ff59e925c2cb58afb909a4a94494c39488b74d709da8fb8a0ffa4f65ef850daf55530d6d3b58a7c9eff5deeb65044fcba52bac5a
SSDEEP

6144:HPhjSmPUXECz0OgWPRF17A8RfxyoEZxbT48NJKYvzadtf7kqIbD:HPHUXEiRTjdfX4xxveX77IbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2043d36726968b3634db45f7a11e5f80640143330e51de49299a1fedc3c3ece6

Files

4c1dc33f1e3c43f0491611e49669ede4.zip
.zip

Password: infected
2043d36726968b3634db45f7a11e5f80640143330e51de49299a1fedc3c3ece6
.exe windows:6 windows x86 arch:x86

Password: infected

14463510dd5cd2a5cddb4a110bc01acf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
CloseHandle
ReadFile
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetModuleFileNameA
LocalAlloc
GlobalAlloc
GlobalFree
GetComputerNameA
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
DecodePointer
WriteConsoleW
GetStringTypeW
VirtualQuery
SetEnvironmentVariableA
AreFileApisANSI
CreateDirectoryA
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
GetFileAttributesA
CopyFileA
GetLastError
GetModuleHandleA
GetVolumeInformationA
FindClose
FindNextFileA
GetSystemInfo
FindFirstFileA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCurrentDirectoryW
SetStdHandle
GetTimeZoneInformation
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExA

user32

GetDesktopWindow
GetSystemMetrics
FillRect
GetDC
EnumDisplayDevicesA

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateBrushIndirect
GetDIBits
GetObjectA
BitBlt

advapi32

RegQueryValueExA
RegOpenKeyA
GetUserNameA

crypt32

CryptUnprotectData

wininet

InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpOpenRequestA

Sections

.text
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

14463510dd5cd2a5cddb4a110bc01acf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

crypt32

wininet

Sections

.text Size: 481KB - Virtual size: 480KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 6KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 481KB - Virtual size: 480KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 6KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 480B