Quarantined Messages (2)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Quarantined Messages (2).zip
Size

11.6MB
MD5

d86fe73027d3c97ea0d6ff038194d6b6
SHA1

1c77d83fd7456d7b2b5e54f8e43053e53614fc3d
SHA256

dbd6e8d5d4cb2514e6aed3b951279deaf02f6df049a168839c0aaa42a7899506
SHA512

81827a179a946d4bb4d6883b3d21e798be698ce6f02313b35300cc114023e028b3b238d0e14b3eec354a212fe2e2e22c6d86aa17286b2e39baa4facb6a35ad20
SSDEEP

196608:C3h7f/xcmYbyxJSWsXMnSlyLTvMVLiQIz4YMssVmXvT8lvYBBiHZpkRpHKw76kr:C3hj/xNlxJSWi8Tv6LiQIzsVvlvOAZe3

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/PowerDVD_v6.0/KeyGen-Generator for PowerDVD.exe
unpack002/PowerDVD_v6.0/PowerDVD_v6.0.exe

Files

Quarantined Messages (2).zip
.zip

Password: infected
PowerDVD_v6[1].0.rar
.rar

Password: infected
PowerDVD_v6.0/KeyGen-Generator for PowerDVD.exe
.exe windows:4 windows x86 arch:x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.PDX
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PDX
Size: 230KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PowerDVD_v6.0/NFO-PowerDVD.nfo
PowerDVD_v6.0/PowerDVD_v6.0.exe
.exe windows:4 windows x86 arch:x86

Password: infected

5a9b89741dd0eb9be8754b41c4d30c55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FormatMessageA
DeleteFileA
MulDiv
IsDBCSLeadByte
GetExitCodeProcess
CreateProcessA
GetTempFileNameA
GetSystemDefaultLCID
WaitForSingleObject
CompareStringA
Sleep
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
RemoveDirectoryA
FindNextFileA
WritePrivateProfileSectionA
GetStartupInfoA
WriteFile
ReadFile
SetFileAttributesA
LocalFree
LocalAlloc
LockResource
LoadResource
FindResourceA
SizeofResource
GetModuleHandleA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrcmpiA
GetDiskFreeSpaceA
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
ExitProcess
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrcpynA
SetFilePointer
GetFileSize
FindFirstFileA
CreateDirectoryA
GetLastError
GetPrivateProfileStringA
FindClose
GetFileAttributesA
lstrcatA
lstrlenA
GetWindowsDirectoryA
lstrcpyA
GetSystemDirectoryA
GetTempPathA
GetPrivateProfileSectionA
LoadLibraryA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
FlushFileBuffers
CloseHandle
IsBadCodePtr
IsBadReadPtr
SetStdHandle
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetFileType
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
TerminateProcess
GetStringTypeW
GetCurrentProcess
GetOEMCP
GetACP
GetStringTypeA
IsBadWritePtr
HeapReAlloc
GetCPInfo
VirtualFree
HeapCreate
VirtualAlloc
GetVersion
GetCommandLineA
HeapDestroy
RtlUnwind

user32

GetParent
GetDlgItem
SetFocus
SendDlgItemMessageA
EnableWindow
CheckRadioButton
GetWindowLongA
LoadStringA
LoadImageA
MessageBoxA
CharNextA
IsDlgButtonChecked
GetDlgItemTextA
CheckDlgButton
SetDlgItemTextA
ReleaseDC
GetDC
GetWindow
PostMessageA
SetWindowTextA
wsprintfA
GetDesktopWindow
GetWindowTextA
DestroyWindow
CreateDialogParamA
FillRect
GetSysColor
GetSysColorBrush
EndPaint
BeginPaint
DrawTextA
MoveWindow
GetClientRect
ScreenToClient
GetNextDlgTabItem
SetParent
MapDialogRect
IsWindow
GetWindowRect
CreateDialogIndirectParamA
ShowWindow
InvalidateRect
IsWindowEnabled
SetWindowPos
UpdateWindow
IsDialogMessageA
SetWindowLongA
GetActiveWindow
SetActiveWindow
LoadIconA
PeekMessageA
SendMessageA
DispatchMessageA
TranslateMessage

gdi32

CreateFontIndirectA
RealizePalette
SelectPalette
CreatePalette
GetObjectA
GetStockObject
CreateDIBitmap
GetTextExtentPointA
SelectObject
EnumFontFamiliesExA
DeleteDC
BitBlt
TextOutA
SetBkMode
SetBkColor
CreateCompatibleDC
CreateSolidBrush
SetTextColor
DeleteObject
GetDeviceCaps

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Headers

File Characteristics

Sections

.PDX Size: - Virtual size: 172KB

.PDX Size: 230KB - Virtual size: 232KB

.rsrc Size: 2KB - Virtual size: 4KB

Password: infected

5a9b89741dd0eb9be8754b41c4d30c55

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

lz32

comctl32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 180KB - Virtual size: 178KB

.PDX
Size: - Virtual size: 172KB

.PDX
Size: 230KB - Virtual size: 232KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 180KB - Virtual size: 178KB