19245927366[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

19245927366.zip
Size

1.6MB
MD5

d81f6599ecdced369881764b397f2e4c
SHA1

9443a6b365d290774857a40f52d152d889691ff4
SHA256

bc14be2b3a467fc50e37e01a6b6a271f7b6d85aab4eb906a14be58e5b3767ab6
SHA512

9c8be654d75694562e0c712ccc560738288c5c6825863648960dd809ab06957b835210a8314b77acb1300619fece116705be2b4497d1e1af0ac1cadc4c4904e8
SSDEEP

49152:KfWrQd0IDh2ahmwGX9528KNLN6wzIgqMfzmGcS:KGQkP26w0mfzmGl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fd1c238e1e3e0c34ab577a632bf509b98833db3396e03d8519f4d6ccb4367d32

Files

19245927366.zip
.zip

Password: infected
fd1c238e1e3e0c34ab577a632bf509b98833db3396e03d8519f4d6ccb4367d32
.exe windows:6 windows x64 arch:x64

Password: infected

bb76b830dfd5165d1442d0ec0a097a79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

badbebras.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WakeByAddressSingle
WaitOnAddress

bcryptprimitives

ProcessPrng

kernel32

SetFileInformationByHandle
CreateFileW
GetTempPathW
CreateThread
GetSystemTimePreciseAsFileTime
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
UnhandledExceptionFilter
GetCurrentProcessId
CreateMutexA
ReleaseMutex
WideCharToMultiByte
RtlVirtualUnwind
DeleteFileW
DuplicateHandle
CopyFileExW
OpenProcess
GetEnvironmentVariableW
lstrlenW
ReadProcessMemory
SetUnhandledExceptionFilter
GetFullPathNameW
TerminateProcess
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetSystemInfo
LocalFree
VirtualQueryEx
FormatMessageW
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeviceIoControl
GetModuleHandleW
GlobalMemoryStatusEx
QueryPerformanceFrequency
WriteConsoleW
MultiByteToWideChar
FindClose
WaitForSingleObject
GetConsoleMode
GetStdHandle
GetFileInformationByHandle
SetHandleInformation
QueryPerformanceCounter
GetComputerNameExW
FindFirstFileW
GetModuleHandleA
Sleep
SetFileCompletionNotificationModes
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetFinalPathNameByHandleW
SetLastError
IsProcessorFeaturePresent
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
SwitchToThread
CreateDirectoryW
GetProcAddress
HeapFree
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
GetLogicalDrives
FindNextFileW
GetTickCount64
GetCurrentThread
CloseHandle
GetFileInformationByHandleEx
GetLastError
SetThreadStackGuarantee
AddVectoredExceptionHandler
MoveFileExW
SetFilePointerEx
GetCurrentProcess

crypt32

CertGetCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CryptUnprotectData
CertDuplicateCertificateContext
CertDuplicateStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertFreeCertificateChain

iphlpapi

FreeMibTable
GetIfEntry2
GetIfTable2

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum

secur32

LsaFreeReturnBuffer
LsaEnumerateLogonSessions
LsaGetLogonSessionData
QueryContextAttributesW
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
EncryptMessage
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken

advapi32

RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
RegCloseKey
LookupAccountSidW
SystemFunction036
GetTokenInformation

ws2_32

bind
ioctlsocket
closesocket
connect
getsockopt
WSAIoctl
send
WSASend
getaddrinfo
setsockopt
getsockname
WSAGetLastError
getpeername
recv
freeaddrinfo
WSAStartup
WSASocketW
WSACleanup
shutdown

ntdll

NtQueryInformationProcess
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
RtlGetVersion
NtWriteFile
NtCreateFile
NtQuerySystemInformation
NtReadFile

psapi

GetPerformanceInfo
GetModuleFileNameExW

shell32

CommandLineToArgvW

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoSetProxyBlanket
CoUninitialize

pdh

PdhOpenQueryA
PdhCollectQueryData
PdhCloseQuery
PdhGetFormattedCounterValue
PdhAddEnglishCounterW
PdhRemoveCounter

powrprof

CallNtPowerInformation

oleaut32

VariantClear
SysFreeString
SysAllocString

bcrypt

BCryptGenRandom

vcruntime140

memset
__current_exception_context
__current_exception
memcpy
memcmp
__CxxFrameHandler3
memmove
_CxxThrowException
strrchr
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strlen
strcmp
strncmp
wcslen
strcspn

api-ms-win-crt-math-l1-1-0

log10
exp2
_dclass
log
__setusermatherr
floor
pow
round

api-ms-win-crt-heap-l1-1-0

realloc
free
_set_new_mode
_msize
malloc

api-ms-win-crt-utility-l1-1-0

_rotl64
qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

__p___argc
_initterm
__p___argv
_exit
_cexit
exit
_seh_filter_exe
_set_app_type
_configure_narrow_argv
_c_exit
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_endthreadex
_register_thread_local_exe_atexit_callback
_beginthreadex
_get_initial_narrow_environment
_initialize_narrow_environment
_initterm_e

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 856KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

bb76b830dfd5165d1442d0ec0a097a79

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

crypt32

iphlpapi

netapi32

secur32

advapi32

ws2_32

ntdll

psapi

shell32

ole32

pdh

powrprof

oleaut32

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 856KB - Virtual size: 856KB

.data Size: 24KB - Virtual size: 27KB

.pdata Size: 107KB - Virtual size: 106KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 856KB - Virtual size: 856KB

.data
Size: 24KB - Virtual size: 27KB

.pdata
Size: 107KB - Virtual size: 106KB

.reloc
Size: 11KB - Virtual size: 10KB