6655c5686b9b0292cf5121fc6346341bb888704b421a85a15011456a9a2c192a[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

6655c5686b9b0292cf5121fc6346341bb888704b421a85a15011456a9a2c192a.zip
Size

138KB
MD5

94dbcc8fd2430005d6039ed46f0fe115
SHA1

f07de754449be689f4d76522855661afdb996017
SHA256

aee3008e184fae25598da44ee69c8bc959530d74b8ec125b6620bb0dcfb5e9ab
SHA512

894a2625c4738afedae666ecf54baa3bee909284c7a34be095f36b72c7662414c8bcd4b255b49c8ebea5b0416c46e8911f8c52082cd51ffab77d1d98b029ed3a
SSDEEP

3072:TvH46pY/4vsjLelkjGMiQI5Prk7TUUXOiZH1eVLBD0FeXGmSa:bH41B6MO5znUXO6H1exBYaxt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6655c5686b9b0292cf5121fc6346341bb888704b421a85a15011456a9a2c192a

Files

6655c5686b9b0292cf5121fc6346341bb888704b421a85a15011456a9a2c192a.zip
.zip

Password: infected
6655c5686b9b0292cf5121fc6346341bb888704b421a85a15011456a9a2c192a
.dll windows:6 windows x86 arch:x86

373fbafe0063f9900a2de867dbe96fa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
GetFileAttributesW
SetFileAttributesW
GetLastError
lstrcatW
DeleteFileW
CreateThread
CreateProcessW
CopyFileW
lstrcpyW
lstrcmpW
MoveFileW
ReadFile
WriteFile
WaitForSingleObject
Sleep
SetFilePointerEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
lstrcatA
CreateFileA
CreatePipe
PeekNamedPipe
SetEvent
GetStartupInfoA
DeleteCriticalSection
CreateProcessA
CreateEventA
Process32First
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
LoadLibraryA
SetFileTime
GetProcAddress
FormatMessageA
GetEnvironmentVariableW
TerminateThread
GetTickCount
CreateNamedPipeA
lstrcpyA
ConnectNamedPipe
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
SetEndOfFile
UnmapViewOfFile
CreateFileMappingA
GetFileSize
MapViewOfFile
ResetEvent
GetCommandLineW
ExitProcess
WideCharToMultiByte
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
LocalAlloc
LocalFree
WriteConsoleW
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetConsoleMode
RemoveDirectoryW
lstrlenW
FindNextFileW
FindFirstFileW
GetStartupInfoW
CreateDirectoryW
GetDriveTypeW
CloseHandle
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
CreateFileW
Process32Next
GetConsoleCP
FlushFileBuffers
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
GetStdHandle
LCMapStringW
HeapFree
HeapAlloc
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer

user32

wsprintfA
GetDC
EnumDisplaySettingsA
ReleaseDC

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
RealizePalette
GetStockObject
GetDIBits
GetDeviceCaps
SelectPalette
DeleteObject
CreateDCA
GetObjectA

shell32

CommandLineToArgvW

ole32

StgCreateDocfile
CreateStreamOnHGlobal

gdiplus

GdipSetWorldTransform
GdipCloneBitmapArea
GdipLoadImageFromStreamICM
GdipFree
GdipTranslateMatrix
GdipCreateBitmapFromGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipGetImageEncodersSize
GdipDeleteGraphics
GdipGetImageWidth
GdipSaveImageToStream
GdipDeleteMatrix
GdipLoadImageFromStream
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipCreateMatrix
GdipAlloc
GdipCloneImage
GdipTransformMatrixPoints
GdipGetImageEncoders
GdipDrawImage

dbghelp

MiniDumpWriteDump

Exports

Exports

ModuleMain

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

373fbafe0063f9900a2de867dbe96fa1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

gdiplus

dbghelp

Exports

Exports

Sections

.text Size: 211KB - Virtual size: 210KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 9KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 211KB - Virtual size: 210KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 9KB

.reloc
Size: 8KB - Virtual size: 7KB