06878e69a292f1e8c1f14b398b4214239087d469d9e9124cb62793d1345eff7e

Sharing

Copy URL

Twitter E-mail

General

Target

06878e69a292f1e8c1f14b398b4214239087d469d9e9124cb62793d1345eff7e
Size

280KB
MD5

8d31bf41fb393d1f535c3c50a7e04182
SHA1

b42d6ef325258a57cec85004a545b77ad2864dc2
SHA256

06878e69a292f1e8c1f14b398b4214239087d469d9e9124cb62793d1345eff7e
SHA512

2c7163d41dd657dbb996375ddaa331e0c118fceb353ddfb0901b41819f8b16c4069ea8dd2b23f14ada9918d13f0d45e8481a24923d73620f5b7462bf8284e683
SSDEEP

6144:+MK1yS5SypR2g4wv/1nDyRr37f+UQOBORQNd2pS2Bvw:+MKV5bpbHMXqO46yrBvw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/QWER.bin

Files

06878e69a292f1e8c1f14b398b4214239087d469d9e9124cb62793d1345eff7e
.zip

Password: infected
QWER.bin
.dll regsvr32 windows:4 windows x86 arch:x86

8774c2a2048003b6fbdcee97110d5bd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RtlUnwind
GetSystemInfo
GetSystemTimeAsFileTime
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
GetTimeZoneInformation
SetHandleCount
GetStdHandle
GetTickCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GlobalFlags
WritePrivateProfileStringA
GetFileTime
GetFileAttributesA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FindFirstFileA
FindClose
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
FreeResource
WaitForSingleObject
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
RaiseException
MulDiv
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
FindResourceW
HeapFree
GetNativeSystemInfo
GetProcessHeap
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
VirtualProtect
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
LoadResource
LockResource
SizeofResource
FindResourceA
GlobalAlloc
GlobalFree
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetStartupInfoA
InterlockedExchange

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
wsprintfA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetLastActivePopup
SetCursor
PostQuitMessage
PostMessageA
GetWindowTextLengthA
GetWindowTextA
GetFocus
GetParent
SetWindowPos
SetFocus
IsWindowEnabled
MoveWindow
RegisterClipboardFormatA
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
GetWindowLongA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
UpdateWindow
GetDesktopWindow
UnregisterClassA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuA
SendMessageA
ShowWindow
LoadIconA
RedrawWindow
CharUpperA
EqualRect

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
DeleteObject
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
UrlUnescapeA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject

oleaut32

OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SystemTimeToVariantTime

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetOptionExA

Exports

Exports

DllRegisterServer

Sections

.text
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

8774c2a2048003b6fbdcee97110d5bd1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 248KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 148KB - Virtual size: 144KB

.reloc Size: 40KB - Virtual size: 36KB

.text
Size: 252KB - Virtual size: 248KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 148KB - Virtual size: 144KB

.reloc
Size: 40KB - Virtual size: 36KB