more[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

more.zip.zip
Size

11KB
MD5

cdc0728284ffc3938477b1176f367348
SHA1

c018323dc21479d9028c497e895525e7ed8b3211
SHA256

948a0299a749c55ac800972cdfee15002d224eec2b7c1e486834e07b06ab13cf
SHA512

d6e442600b53d4c4097cbd2e07043c45a1307c0555bce6a6339ecbfd3b848ad7ac3874a4ea69ea3d5f917f4fad8d0b9f0718f0d10a5d5c464d76e4a310d1aea2
SSDEEP

192:zcQNTUXDoZv2/M+YLLXSGTdHCSrrjkHcwYcgPoRGBm8vqzzQ6XDepILpvZR9P41n:zcQRUz+23YfiGTdiSnwXFRGRSzzQ6TlC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/more.com

Files

more.zip.zip
.zip

Password: infected
more.zip
.zip

Password: infected
more.com
.exe windows:10 windows x86 arch:x86

Password: infected

0fece6298ccd2180cc9f1b7c9f0969e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

more.pdb

Imports

msvcrt

?terminate@@YAXXZ
_initterm
__setusermatherr
_controlfp
_except_handler4_common
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
exit

ulib

?Compare@OBJECT@@UBEJPBV1@@Z
?ReplaceWithChars@BSTRING@@QAEEKKDK@Z
?QuerySTR@BSTRING@@QBEPADKKPADKE@Z
?Initialize@BSTRING@@QAEEPBDK@Z
?QueryScreenSize@SCREEN@@QBEXPAG000@Z
?MoveCursorTo@SCREEN@@QAEEGG@Z
?EraseScreenAndResetAttribute@SCREEN@@QAEEXZ
?Cast@SCREEN@@SGPAV1@PBVOBJECT@@@Z
?NewBuf@BDSTRING@@UAEEK@Z
?Resize@BDSTRING@@UAEEK@Z
??1BDSTRING@@UAE@XZ
??0BDSTRING@@QAE@XZ
?Cast@FILE_STREAM@@SGPAV1@PBVOBJECT@@@Z
?QuerySTR@WSTRING@@QBEPADKKPADKE@Z
?QueryByteCount@WSTRING@@QBEKXZ
?Strchr@BSTRING@@QBEKDK@Z
?NextChar@BSTRING@@QAEKK@Z
?NewBuf@DSTRING@@UAEEK@Z
?Initialize@BSTRING@@QAEEXZ
?Strspn@WSTRING@@QBEKPBV1@K@Z
?Strchr@WSTRING@@QBEKGK@Z
?Initialize@WSTRING@@QAEEXZ
?QueryStream@FSN_FILE@@QAEPAVFILE_STREAM@@W4STREAMACCESS@@K@Z
?DebugDump@OBJECT@@UBEXE@Z
?QueryResourceString@BASE_SYSTEM@@SAEPAVWSTRING@@KPBDZZ
??0PROGRAM@@IAE@XZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Usage@PROGRAM@@UBEXXZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?Initialize@PROGRAM@@QAEEKKK@Z
?Initialize@CLASS_DESCRIPTOR@@QAEEPBD@Z
??0CLASS_DESCRIPTOR@@QAE@XZ
?EnableLineMode@KEYBOARD@@QAEEXZ
?DisableLineMode@KEYBOARD@@QAEEXZ
?Initialize@KEYBOARD@@QAEEEE@Z
??0KEYBOARD@@QAE@XZ
?SetConsoleConversions@WSTRING@@SGXXZ
?Strcat@WSTRING@@QAEEPBV1@@Z
?QueryNumber@WSTRING@@QBEEPAJKK@Z
?Truncate@WSTRING@@QAEKK@Z
?Strupr@WSTRING@@QAEPAV1@XZ
?Stricmp@WSTRING@@QBEJPBV1@@Z
??0OBJECT@@IAE@XZ
?ReadLine@STREAM@@QAEEPAVWSTRING@@E@Z
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?Resize@DSTRING@@UAEEK@Z
?SPrintf@DSTRING@@UAAEPBGZZ
?SPrintfAppend@DSTRING@@UAAEPBGZZ
?Initialize@WSTRING@@QAEEPBDK@Z
?Initialize@WSTRING@@QAEEPBGK@Z
?Display@MESSAGE@@QAAEPBDZZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
??1OBJECT@@UAE@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
??0MULTIPLE_PATH_ARGUMENT@@QAE@XZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QAEEPADEE@Z
?QueryEnvironmentVariable@SYSTEM@@SGPAVWSTRING@@PBV2@@Z
??0PATH_ARGUMENT@@QAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
??0ARRAY@@QAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?DeleteAllMembers@ARRAY@@UAEEXZ
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
??0LONG_ARGUMENT@@QAE@XZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
??0DSTRING@@QAE@XZ
??1DSTRING@@UAE@XZ

ntdll

RtlAllocateHeap
RtlFreeHeap

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
ExitProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP

api-ms-win-core-localization-l1-2-0

GetCPInfo
IsDBCSLeadByte

api-ms-win-core-console-l2-1-0

GenerateConsoleCtrlEvent

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

0fece6298ccd2180cc9f1b7c9f0969e2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ulib

ntdll

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 1024B

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 1024B

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB