HBTX-sam[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

HBTX-sam.zip
Size

988KB
MD5

6a146a16680937765e073215f548824b
SHA1

a9ab00a2f85b5998455cb7369fec956b6ea5cf43
SHA256

22525c8a7671fc0c1bd018d0e03157152be106f503179a31281aebfa79d693a7
SHA512

eac7a71b26fb2c3f5b3490c16c68260b0048ef50018f30b30286c40955a7f90f8c41c21e4ea3523f1e9e0c3cf7bc684cae93460816bae2e864e8de4d682426af
SSDEEP

24576:zrtf6XBsdDD4kgWuAYEb3d48yDgJUboGFIPf6:vd6XB8DUkSpEb3d48CgiboGKPf6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/27ff12db2c2d5d3021e777fadc1e93be4ae4cd3ebc0fd0b45d6f98fcbcb3f704

Files

HBTX-sam.zip
.zip

Password: infected
27ff12db2c2d5d3021e777fadc1e93be4ae4cd3ebc0fd0b45d6f98fcbcb3f704
.exe windows:5 windows x86 arch:x86

Password: infected

66972b692ec3fab0692f3e2639cb4b6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

kernel32

GetFullPathNameW
GetEnvironmentVariableW
SetupComm
SetPriorityClass
lstrlenA
MapViewOfFile
WriteConsoleOutputCharacterA
HeapAlloc
ClearCommError
_lwrite
GetQueuedCompletionStatus
GetCurrentProcess
SetConsoleScreenBufferSize
FlushViewOfFile
ConnectNamedPipe
GetTickCount
GetThreadSelectorEntry
_hread
SizeofResource
FindNextVolumeW
IsDBCSLeadByte
GetModuleFileNameW
CompareStringW
MultiByteToWideChar
FindFirstFileExA
GetLastError
GetProcAddress
GetLongPathNameA
EnumDateFormatsExA
GetNumaHighestNodeNumber
GetAtomNameA
LoadLibraryA
GetProcessWorkingSetSize
LocalAlloc
SetCalendarInfoW
FindFirstVolumeMountPointW
GetExitCodeThread
CreatePipe
GetDefaultCommConfigA
WTSGetActiveConsoleSessionId
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
ResetWriteWatch
OpenFileMappingA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
IsProcessorFeaturePresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
CloseHandle
CreateFileA
SetStdHandle
FlushFileBuffers
HeapSize
LoadLibraryW
WriteConsoleW
LCMapStringW
GetStringTypeW
HeapReAlloc
SetEndOfFile
GetProcessHeap
ReadFile
CreateFileW

user32

GetCaretPos

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 66.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gusibi
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jito
Size: 1024B - Virtual size: 855B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tek
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.siheto
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10.2MB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

66972b692ec3fab0692f3e2639cb4b6c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 118KB - Virtual size: 118KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 66.6MB

.gusibi Size: 15KB - Virtual size: 14KB

.jito Size: 1024B - Virtual size: 855B

.tek Size: 34KB - Virtual size: 33KB

.siheto Size: 1024B - Virtual size: 1024B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 10.2MB - Virtual size: 37KB

.text
Size: 118KB - Virtual size: 118KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 66.6MB

.gusibi
Size: 15KB - Virtual size: 14KB

.jito
Size: 1024B - Virtual size: 855B

.tek
Size: 34KB - Virtual size: 33KB

.siheto
Size: 1024B - Virtual size: 1024B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 10.2MB - Virtual size: 37KB