97cc9e5f0fb3963ab37b9010440b9df364589f2178d9677e85b179488b283f43

General

Target

97cc9e5f0fb3963ab37b9010440b9df364589f2178d9677e85b179488b283f43
Size

6.7MB
MD5

a6bd4c5a37eb3887e51f8f214c6efc65
SHA1

42e4d8480d0e94551e9fc55ffb709f1a33f1267b
SHA256

97cc9e5f0fb3963ab37b9010440b9df364589f2178d9677e85b179488b283f43
SHA512

5a8bb85577a2cc4940ee67098300e388155e23128e579622f4e21350ee118e2d6fee2cc9bea2673a7667067ea0bbbfe75417c2400146fbbfd0cd041cbdc809d0
SSDEEP

196608:fxy0LingvGFgJVc1uMfydAMGPsK/oKFIRRCBbZKlYO7mOU:frungvGizcfbsKgKFIRY1ZAYOi1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Zeip.dll
unpack001/Zeip.exe.bin

Files

97cc9e5f0fb3963ab37b9010440b9df364589f2178d9677e85b179488b283f43
.zip
Zeip.dll
.dll windows:5 windows x86 arch:x86

78b4b07ec49eab1076c53a1a1cf86078

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ZR@4Hk*7L7H|SDs!u.pdb

Imports

kernel32

WaitForSingleObjectEx
GetBinaryTypeW
GetModuleFileNameW
CloseHandle
GetCurrentThreadId

oleaut32

GetRecordInfoFromGuids

powrprof

ReadPwrScheme

user32

UpdateWindow
SystemParametersInfoW
ChangeDisplaySettingsW

setupapi

SetupPromptForDiskW

gdi32

SetMapperFlags

msvcrt

memset

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 476KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Zeip.exe.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\Cryptn new 6.5\Cryptn new 6.5\obj\x86\Release\Zeip.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78b4b07ec49eab1076c53a1a1cf86078

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

powrprof

user32

setupapi

gdi32

msvcrt

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 476KB - Virtual size: 473KB

.data Size: 20KB - Virtual size: 27KB

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 7.9MB - Virtual size: 7.9MB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 476KB - Virtual size: 473KB

.data
Size: 20KB - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 7.9MB - Virtual size: 7.9MB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 512B - Virtual size: 12B