def9977aea5ec8d9f39c8691deb63b53b00648a22b8a9b3e527e8014aa346eb9[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

def9977aea5ec8d9f39c8691deb63b53b00648a22b8a9b3e527e8014aa346eb9.zip
Size

9KB
MD5

88f65d8b04bd855c303bec2bc42b7fa6
SHA1

3d16d0ac4a85b6b25f75d7bf377bd10d4306fbbf
SHA256

57bcfb02f37c874febb1be7d6c05fab9fd68962df3434cb6d89ec7ba4e01cbe6
SHA512

bf4f801e89058d4aa3731ca56b0ba61aa3ab95d5c066d24b2e61e49d9626ed4da9b48b242b83ccc51862508fe8117b580bccec12d1fdfa608e953bc35e204991
SSDEEP

192:WKtE2j+20RNnudAqO1aY40oKnd4RCpHihvBAEcFaD2/5XtqBujx:WyBjt0RxMA94TKndvHYcED2xXsBK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/def9977aea5ec8d9f39c8691deb63b53b00648a22b8a9b3e527e8014aa346eb9.exe

Files

def9977aea5ec8d9f39c8691deb63b53b00648a22b8a9b3e527e8014aa346eb9.zip
.zip

Password: infected
def9977aea5ec8d9f39c8691deb63b53b00648a22b8a9b3e527e8014aa346eb9.exe
.exe windows:6 windows x64 arch:x64

ffa535c8116b2e27e6b72a7438ffeff4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptReleaseContext
OpenServiceA
CryptSetKeyParam
CheckTokenMembership
FreeSid
CryptDestroyHash
CryptHashData
CryptDeriveKey
CryptCreateHash
ControlService
OpenSCManagerA
AllocateAndInitializeSid
CryptGenRandom
CryptEncrypt
CloseServiceHandle
CryptAcquireContextA
CryptDestroyKey

shell32

SHGetKnownFolderPath
ShellExecuteA
ShellExecuteExA

ole32

CoTaskMemFree

wininet

InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
HttpOpenRequestA

kernel32

GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetModuleFileNameA
CloseThreadpool
CreateThreadpool
FindFirstFileA
GetDriveTypeA
FindNextFileA
FindClose
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
Sleep
GetLastError
CreateThreadpoolCleanupGroup
SubmitThreadpoolWork
CreateThreadpoolWork
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter

vcruntime140

__current_exception
strrchr
__current_exception_context
memcpy
strstr
__C_specific_handler
memset

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
terminate
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_exit

api-ms-win-crt-stdio-l1-1-0

feof
__stdio_common_vsprintf
__p__commode
__stdio_common_vfprintf
fclose
__acrt_iob_func
fwrite
fread
fopen
_set_fmode

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
remove

api-ms-win-crt-string-l1-1-0

_strdup
_stricmp

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

ffa535c8116b2e27e6b72a7438ffeff4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

wininet

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 780B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 780B

.reloc
Size: 512B - Virtual size: 48B