Static task: static1
Behavioral task: behavioral1
  Sample: ecc6369f4bf0bc1d0ad9e7afba34c21f4614641ecff396911817829b534cb1d8.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: ecc6369f4bf0bc1d0ad9e7afba34c21f4614641ecff396911817829b534cb1d8.exe
  Resource: win10v2004-20240802-en
General
Target: 240911-qnhftapp61_pw_infected.zip
Size: 11KB
MD5: 71e671298d3b0d8b61a01d15e3ac63a1
SHA1: 2ff4c4f3becb7b134f18fe68132886564772c447
SHA256: 90477f9f76ff2751da3c22a65d5b66b7bbd0b4aca6f5299ca788d8effb66ec37
SHA512: 5a6269c67be4d368ceddb8b849ce556817b99b4586f9bd87063464e53246e4f9e65adb02f275c3de1c0634901c2c028489e95b09807a5275572bb85be9e4e1e9
SSDEEP: 192:Cs1FHwxB9hVcY7mnu6OhKiw6sstW0EOEQHfSMv9mS3DfbWZANU:VFH6bAYeXX6sstFoQHfZvXeOK
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: unpack001/ecc6369f4bf0bc1d0ad9e7afba34c21f4614641ecff396911817829b534cb1d8
Files
240911-qnhftapp61_pw_infected.zip.zip (password: infected)
ecc6369f4bf0bc1d0ad9e7afba34c21f4614641ecff396911817829b534cb1d8.exe windows:5 windows x86 arch:x86 (password: infected)
af1fd6b5e63645d8583bf436a2577954
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
wnsprintfW
StrStrW
StrStrIW
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
crypt32
CryptEncodeObjectEx
kernel32
GetFileSizeEx
FindNextFileW
lstrlenW
WriteFile
ExpandEnvironmentStringsW
TerminateProcess
GetUserDefaultLangID
GetModuleFileNameW
WaitForMultipleObjects
SetErrorMode
GetTempPathW
FindClose
CreateFileW
GetProcessHeap
CreateToolhelp32Snapshot
GetLastError
Process32NextW
lstrcatW
Process32FirstW
GetLogicalDrives
HeapAlloc
GetWindowsDirectoryW
SetFilePointerEx
GetFileSize
ExitProcess
CreateProcessW
lstrcpyW
GetTempFileNameW
lstrcmpiW
lstrcmpW
MoveFileW
HeapFree
lstrlenA
FindFirstFileW
CloseHandle
ReadFile
OpenProcess
CreateThread
user32
SystemParametersInfoW
advapi32
CryptGenRandom
GetSidSubAuthorityCount
GetSidSubAuthority
CryptExportKey
OpenProcessToken
CryptReleaseContext
CryptImportKey
CryptGenKey
CryptEncrypt
CryptDestroyKey
GetTokenInformation
CryptAcquireContextA
shell32
SHGetFolderPathW
ShellExecuteW
Sections
.text Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 556B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ