41364427dee49bf544dcff61a6899b3b7e59852435e4107931e294079a42de7c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

41364427dee49bf544dcff61a6899b3b7e59852435e4107931e294079a42de7c.zip
Size

676KB
MD5

c103e3ffc43fba8ab547bb0b75abb251
SHA1

0031311853355b0170f14a8753fd962236360017
SHA256

c4a53b32522a07a31d23ee634fc468979901aff9089773dca021fc10c2443d17
SHA512

83e5ee3c3ef9e2feafe6f77275b63cb55784383fdf5641367fd4de3893d2b7bd6affd796e2d0adb89b2647b32791e7c9cd5c04e613d20b278473cf93a16fbf01
SSDEEP

12288:itOqPpjcwY3B67g3Om0A/umtWxMGHDvz68jhWKsuRFn1Fnz/MqVOwW/GG:itO6pj2g83UEJ6O8jQKsi1Rz/6r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bewerbung-Lena-Kretschmer.bin

Files

41364427dee49bf544dcff61a6899b3b7e59852435e4107931e294079a42de7c.zip
.zip

Password: infected
Bewerbung-Lena-Kretschmer.bin
.exe windows:5 windows x86 arch:x86

Password: infected

c6d8fbc691deca6e5a427dc4e5fd153e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
GetVolumeInformationA
SetErrorMode
EnumSystemGeoID
DeviceIoControl
GlobalFree
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
MultiByteToWideChar
GlobalUnlock
GlobalLock
GetProcAddress
LoadLibraryA
GlobalAlloc
GetLastError
LocalFree
GetVersion
CreateFileW
WriteConsoleW
HeapReAlloc
LoadLibraryW
HeapSize
FlushFileBuffers
CancelIoEx
LCMapStringW
GetProcessHeap
SetEndOfFile
SetFilePointer
GetConsoleMode
GetConsoleCP
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetModuleFileNameA
FreeEnvironmentStringsW
VirtualQuery
GetModuleFileNameW
HeapCreate
ExitProcess
GetStringTypeW
IsProcessorFeaturePresent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
GetCommandLineW
Sleep
ReadFile
ResetEvent
SetupComm
SetCommState
SetCommTimeouts
CreateEventA
WriteFile
WaitForSingleObject
GetOverlappedResult
lstrcpynA
GetVersionExA
CreateFileA
CloseHandle
WideCharToMultiByte
SetLastError
GetModuleHandleA
FormatMessageA
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
ExitThread
RaiseException
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW

user32

GetUserObjectInformationW
SetActiveWindow
GetProcessWindowStation
MessageBoxA
wsprintfA
SetWindowPos
ShowWindow
SendMessageA
DefWindowProcA
TrackPopupMenu
ReleaseDC
GetDC
SetCaretBlinkTime
GetWindowLongA
SetCapture
PtInRect
RedrawWindow
CreateMenu
LoadMenuA
LoadBitmapA
AttachThreadInput
GetScrollPos
GetScrollRange
GetForegroundWindow
SetWindowLongA
GetClientRect
CopyRect
GetDlgItemInt
ClientToScreen
LoadImageA
DrawStateA
CreateWindowExA
GetWindowTextA
BeginPaint
DrawTextA
EndPaint
PostQuitMessage
SendDlgItemMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDlgItem
IsWindowVisible
CreatePopupMenu
AppendMenuA
SetForegroundWindow
GetCursorPos

gdi32

ExcludeClipRect
SetBrushOrgEx
CreateDCA
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
CreatePen
SetROP2
Rectangle
MoveToEx
LineTo
CreateDIBSection
StretchBlt
BitBlt
TextOutA
GetObjectA
GetPath

comdlg32

ChooseColorA
GetSaveFileNameW

advapi32

RegisterEventSourceA
DeregisterEventSource
RegQueryValueExA
RegCloseKey
ReportEventA

shell32

CommandLineToArgvW
Shell_NotifyIconA

ole32

StgOpenStorage
CreateStreamOnHGlobal
StringFromGUID2
StgCreateDocfile

oleaut32

SysAllocStringLen
SysFreeString
OleLoadPicture

opengl32

wglMakeCurrent
wglCreateContext

version

GetFileVersionInfoW

ws2_32

WSAStartup
WSACleanup
closesocket
getsockopt
socket
bind

shlwapi

PathFileExistsW
SHCreateStreamOnFileA

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiClassGuidsFromNameA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

msimg32

AlphaBlend

rpcrt4

UuidToStringA
UuidCreate

winhttp

WinHttpOpen

powrprof

GetActivePwrScheme

rasapi32

RasEnumConnectionsA

tapi32

lineConfigProvider

d2d1

ord1

dwrite

DWriteCreateFactory

Exports

Exports

Take

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

c6d8fbc691deca6e5a427dc4e5fd153e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

opengl32

version

ws2_32

shlwapi

setupapi

msimg32

rpcrt4

winhttp

powrprof

rasapi32

tapi32

d2d1

dwrite

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 26KB - Virtual size: 46KB

.rsrc Size: 566KB - Virtual size: 566KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 26KB - Virtual size: 46KB

.rsrc
Size: 566KB - Virtual size: 566KB

.reloc
Size: 23KB - Virtual size: 23KB