MDE_File_Sample_dc8c7a24b0d6adbabe5acf44ac82772f432bbc5b[.]zip

Resubmissions

17/10/2024, 20:14

241017-yz1qjaxbnm 3

17/10/2024, 20:09

241017-yxfbtaxall 3

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_dc8c7a24b0d6adbabe5acf44ac82772f432bbc5b.zip
Size

18KB
MD5

9da99af9c564920dcd7c560351571217
SHA1

75c994e5c069ba265f9bb744685d006fc4d8ea93
SHA256

1bc92a7ce176ab5bcf0860e7a18a14d1dc922066876297775ce31dc062c76572
SHA512

238c408f9715ed8b5a355eb29586bf5fdae01297b976afb32f31086f6b7edab5b3b1973ebab5dd8af6e98c5b4b4298888bd39ce6807fbac63527628b0f950caf
SSDEEP

384:M+IwUSMpOd5lI1M1bhVk4DfbsspUzKT934sQvtmXJYgnc2oc:4XSMwLUM17Nbs+T93Hktmmc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe

Files

MDE_File_Sample_dc8c7a24b0d6adbabe5acf44ac82772f432bbc5b.zip
.zip

Password: infected
Setup.exe
.exe windows:4 windows x86 arch:x86

Password: infected

02c1179bf84e84c73fd663341032370a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA

mfc42

ord4424
ord3610
ord800
ord656
ord641
ord860
ord540
ord567
ord324
ord825
ord2370
ord2302
ord4234
ord4853
ord1200
ord3874
ord858
ord6199
ord5572
ord537
ord2919
ord3698
ord326
ord765
ord2642
ord2086
ord4123
ord3744
ord3092
ord4047
ord4160
ord4673
ord665
ord1979
ord6385
ord5186
ord354
ord941
ord924
ord535
ord2818
ord610
ord6139
ord287
ord4627
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3318
ord5683
ord2864
ord939
ord940
ord922
ord703
ord5445
ord6389
ord403
ord5442
ord1576
ord2621
ord4277
ord4129
ord1134
ord1146
ord5981
ord2379
ord755
ord470
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4710
ord4998
ord4376
ord5265
ord823
ord1168

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__p___argc
_mbsicmp
__p___argv
_splitpath
_setmbcp
strrchr
sprintf
atoi
malloc
free
__CxxFrameHandler
atol

kernel32

GlobalAlloc
lstrcpynA
GlobalLock
GlobalFree
GlobalUnlock
GetFileAttributesA
SetFileAttributesA
GetLastError
FormatMessageA
lstrcatA
LocalHandle
LocalFree
GetCurrentProcess
GetModuleHandleA
GetProcAddress
WaitForSingleObject
SetLastError
CreateProcessA
FindNextFileA
FindClose
FindFirstFileA
CloseHandle
GetFileSize
CreateFileA
WinExec
CreateDirectoryA
GetSystemDirectoryA
GetVersionExA
GetUserDefaultLCID
GetModuleFileNameA
SearchPathA
GetCurrentDirectoryA
MultiByteToWideChar
GetStartupInfoA
lstrcmpA
GetPrivateProfileStringA
DeleteFileA
CopyFileA
lstrcpyA
GetExitCodeProcess
TerminateProcess
lstrlenA

user32

IsIconic
SendMessageA
EnableWindow
TranslateMessage
DispatchMessageA
PeekMessageA
MessageBoxA
wsprintfA
LoadStringA
GetParent
SystemParametersInfoA
GetActiveWindow
LoadIconA
DrawIcon
GetClientRect
GetSystemMetrics

winspool.drv

EnumMonitorsA
AddMonitorA
AddPortA
AddPrinterA
EnumPrinterDriversA
GetPrinterDriverDirectoryA
AddPrinterDriverA
OpenPrinterA
GetPrinterA
DocumentPropertiesA
SetPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegDeleteValueA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetPathFromIDListA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

02c1179bf84e84c73fd663341032370a

Headers

File Characteristics

Imports

shlwapi

mfc42

msvcrt

kernel32

user32

winspool.drv

advapi32

shell32

ole32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 5KB