d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1.zip
Size

7.9MB
MD5

c5762e5ecf14209b5d3cc1effe558ab1
SHA1

32bf6430a2f741b735800c51b96340c078b2fbf3
SHA256

fe5e31d0d20eea7dc2cfc16a65d81663dfadf519d8c5ed847245875b95261ea3
SHA512

45e09196f1c75dc26f073db4748ee4ee206582f699c03db19fb734165284ce9312e91eed3131b0b3de6b90d37de68351bccfe4f572383e06bd5c8160b5a61f03
SSDEEP

196608:qcTZ76dSp/0DeqF0jf9c5p86fs78V2NwT98uLN39/xg30J5:3Z7pKV0j2/12NwB8YpKI5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1

Files

d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1.zip
.zip

Password: infected
d8ff7b3040d2674dbdc77b184266ddef54444c0d8db4880ddd3bcd45d610e0c1
.exe windows:4 windows x86 arch:x86

12f12d364f5f6a801e52c9dce28d1965

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
SysAllocString

user32

SendMessageA
SetTimer
KillTimer
DialogBoxParamA
SetWindowLongA
GetWindowLongA
SetWindowTextW
SetWindowTextA
LoadIconA
LoadStringW
LoadStringA
CharUpperW
CharUpperA
DestroyWindow
EndDialog
PostMessageA
ShowWindow
MessageBoxW
GetDlgItem
DialogBoxParamW

shell32

ShellExecuteExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcpy
free
malloc
_CxxThrowException
_purecall
memmove
__CxxFrameHandler
memcmp

kernel32

GetCommandLineW
GetStartupInfoA
GetModuleHandleA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventA
VirtualFree
VirtualAlloc
Sleep
WaitForMultipleObjects
GetStdHandle
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameA
GetTempPathA
GetCurrentDirectoryA
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
RemoveDirectoryW
SetFileAttributesW
RemoveDirectoryA
SetFileAttributesA
SetLastError
CreateFileW
SetFileTime
GetWindowsDirectoryA
FormatMessageW
FormatMessageA
LocalFree
GetModuleFileNameW
GetModuleFileNameA
AreFileApisANSI
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
WaitForSingleObject
CloseHandle
CreateProcessA
SetCurrentDirectoryA
GetVersionExA
LeaveCriticalSection
EnterCriticalSection

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

12f12d364f5f6a801e52c9dce28d1965

Headers

File Characteristics

Imports

oleaut32

user32

shell32

msvcrt

kernel32

Sections

.text Size: 81KB - Virtual size: 80KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 10KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 81KB - Virtual size: 80KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 10KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 17KB - Virtual size: 17KB