C:\BUILD\wor0!yQoNK6xLtNFN_)n!WYB
Static task
static1
Behavioral task
behavioral1
Sample
018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1.exe
Resource
win10v2004-20250211-en
General
-
Target
21353997216.zip
-
Size
4.4MB
-
MD5
57a40c249121b583364eb43797831f90
-
SHA1
09e2b8fec496e9b4cc82adfd3d515e423783a258
-
SHA256
b1bd09509b474c5e4d8a652e27dfd37113ee64a238e696dd25d4c9a78f4c9b26
-
SHA512
7d63356efe16611a243160e61640210002c7d480516490373d5e2e402b7ff45ee4e5ccfa9dad3e07f18da26291517eebbdad3905d9f6d21799106241e4c5f839
-
SSDEEP
98304:/hfl6VurpNbT+SoBwk0dKCl6tqcW+hTenUvYG3WUhpbaPU:JAur3T+SoazdnlojTkUvr3YU
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource unpack001/018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1
Files
-
21353997216.zip.zip
Password: infected
-
018150d42eef2a004821b1ae6242a1daaeb122786b6ba4c5437f45390ccb7cd1.exe windows:6 windows x64 arch:x64
7cc37e7f5027a42ab6409300541da622
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
WSAGetLastError
closesocket
WSAStartup
ntohl
connect
FreeAddrInfoExW
setsockopt
WSAIoctl
htonl
WSAResetEvent
shutdown
WSAWaitForMultipleEvents
recv
__WSAFDIsSet
ioctlsocket
socket
gethostname
getservbyname
FreeAddrInfoW
ntohs
getsockname
recvfrom
select
sendto
send
GetAddrInfoExW
bind
htons
WSACleanup
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
WSASetLastError
GetAddrInfoW
wininet
InternetReadFile
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetOpenUrlW
user32
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
MonitorFromPoint
EnumDisplaySettingsW
ChangeDisplaySettingsExW
SetMenu
RegisterWindowMessageW
CheckMenuRadioItem
GetSysColorBrush
GetMenuItemID
CheckMenuItem
DrawFrameControl
DrawEdge
IsClipboardFormatAvailable
SetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
IsRectEmpty
ValidateRgn
UnionRect
EndPaint
BeginPaint
GetWindowDC
ValidateRect
GetMessageW
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetClassNameW
MessageBeep
GetCaretBlinkTime
GetDoubleClickTime
GetProcessDefaultLayout
DestroyCursor
HideCaret
GetWindowTextLengthW
keybd_event
IsMenu
GetComboBoxInfo
ChildWindowFromPoint
FindWindowExW
OffsetRect
CopyRect
SetRectEmpty
SetRect
DrawStateW
GetClipboardFormatNameW
RegisterClipboardFormatW
DrawIconEx
CreateIconIndirect
SetWindowRgn
EnableMenuItem
GetSystemMenu
DrawMenuBar
CreateDialogIndirectParamW
IsZoomed
IsIconic
FlashWindowEx
SetLayeredWindowAttributes
GetWindowPlacement
GetDialogBaseUnits
GetIconInfo
LoadImageW
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
InflateRect
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ClientToScreen
GetCursorPos
SetCursorPos
GetClientRect
EnableScrollBar
ScrollWindow
RedrawWindow
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MoveWindow
AnimateWindow
IsWindow
CallWindowProcW
PostQuitMessage
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
TranslateMessage
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowRect
SetWindowPos
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
FillRect
DrawFocusRect
GetSysColor
ScreenToClient
ReleaseDC
GetDC
DrawTextW
GetKeyState
GetFocus
DdeFreeStringHandle
DdeQueryStringW
DdeCreateStringHandleW
DdeGetLastError
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeClientTransaction
DdeNameService
DdePostAdvise
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeW
KillTimer
MsgWaitForMultipleObjects
DispatchMessageW
DestroyWindow
DefWindowProcW
SendMessageW
PeekMessageW
BringWindowToTop
CreateWindowExW
RegisterClassW
PostMessageW
PostThreadMessageW
wsprintfW
GetDesktopWindow
LoadStringW
GetClassInfoExW
CallNextHookEx
RegisterClassExW
ShowWindow
GetWindowThreadProcessId
EnumWindows
WaitForInputIdle
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetKeyboardLayoutList
MessageBoxW
SetForegroundWindow
FindWindowW
UnregisterClassW
LoadIconW
LoadBitmapW
CharLowerW
SetWindowTextW
GetWindowTextW
InvalidateRect
LoadCursorW
SetCursor
DestroyIcon
SetTimer
shell32
ord727
CommandLineToArgvW
SHGetFileInfoW
ord51
SHGetFolderPathW
ord6
ShellExecuteExW
SHFileOperationW
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
ExtractIconW
ExtractIconExW
advapi32
LookupAccountSidW
RegEnumKeyW
OpenProcessToken
GetUserNameW
OpenThreadToken
GetTokenInformation
EqualSid
RegGetValueW
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
SystemFunction036
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RevertToSelf
RegDeleteKeyExW
RegQueryMultipleValuesW
RegDeleteTreeW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
StartServiceW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegNotifyChangeKeyValue
EnumServicesStatusW
QueryServiceConfigW
QueryServiceStatus
RegDeleteValueW
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
OleUninitialize
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
RevokeDragDrop
CoLockObjectExternal
StringFromGUID2
RegisterDragDrop
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleInitialize
oleaut32
VariantInit
SysAllocString
VariantClear
SysFreeString
winhttp
WinHttpSetStatusCallback
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetCredentials
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpSetOption
WinHttpCrackUrl
WinHttpConnect
WinHttpOpen
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
shlwapi
SHAutoComplete
PathMatchSpecW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
ntdll
RtlNtStatusToDosError
NtSetInformationThread
NtClose
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
NtOpenKey
NtQueryKey
NtDeleteKey
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
VerSetConditionMask
kernel32
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetErrorMode
GetFileTime
GetLongPathNameW
GetTempFileNameW
GetTempPathW
EnumResourceNamesW
SetCurrentDirectoryW
GetFileType
GetCommandLineW
GetCurrentProcessId
ExitProcess
GetACP
IsValidLocale
GetUserDefaultUILanguage
GetCurrentProcess
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
OutputDebugStringW
GetEnvironmentVariableW
IsDebuggerPresent
TerminateProcess
LoadResource
LockResource
SizeofResource
FindResourceW
IsValidCodePage
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentThread
RaiseException
SetHandleInformation
PeekNamedPipe
GetExitCodeProcess
IsBadReadPtr
IsBadStringPtrA
MulDiv
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalSize
GlobalHandle
GetStdHandle
AttachConsole
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
ReadConsoleOutputCharacterA
UnmapViewOfFile
CompareFileTime
VerifyVersionInfoW
QueryUnbiasedInterruptTime
CreateIoCompletionPort
CompareStringW
GetThreadPriority
InitializeCriticalSectionAndSpinCount
GetThreadTimes
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
GetProcessIoCounters
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
K32GetProcessImageFileNameW
GetProcessTimes
GetPriorityClass
K32GetProcessMemoryInfo
FlushFileBuffers
GetFullPathNameW
OutputDebugStringA
GetDateFormatW
GetTimeFormatW
SetFileAttributesW
MoveFileExW
LockFileEx
FindFirstFileExW
GetVolumeNameForVolumeMountPointW
GetVersion
FindResourceExW
SetEnvironmentVariableW
UnlockFileEx
SetFileInformationByHandle
FreeResource
K32GetMappedFileNameW
GetVolumePathNamesForVolumeNameW
GetSystemTimes
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
MoveFileExA
GetEnvironmentVariableA
CreateFileA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
ExpandEnvironmentStringsA
RegisterWaitForSingleObject
UnregisterWait
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetLogicalDriveStringsW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
EnumSystemLocalesW
GetUserDefaultLCID
SetFilePointer
GetConsoleOutputCP
SetThreadLocale
GetCPInfo
LoadLibraryExW
SetThreadAffinityMask
ResumeThread
LCMapStringW
CreateSemaphoreW
ReleaseSemaphore
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SystemTimeToTzSpecificLocalTime
ReadConsoleW
GetConsoleMode
GetFileInformationByHandle
GetTimeZoneInformation
SetStdHandle
FreeLibraryAndExitThread
ExitThread
InterlockedPushEntrySList
GetStartupInfoW
InitializeSListHead
SetUnhandledExceptionFilter
GetFileAttributesExW
UnhandledExceptionFilter
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
SetEndOfFile
SetFilePointerEx
ResetEvent
WaitForMultipleObjectsEx
SleepEx
CreateThread
GetWindowsDirectoryW
GetFileSizeEx
DeviceIoControl
GetLocaleInfoW
GetTickCount64
GetLocalTime
FindNextVolumeW
GetVolumeInformationW
QueryDosDeviceW
GetDiskFreeSpaceExW
GetDriveTypeW
FindVolumeClose
FindFirstVolumeW
GetSystemInfo
GetSystemDirectoryW
GlobalMemoryStatusEx
FreeLibrary
LoadLibraryW
WaitForMultipleObjects
SetEvent
CreateEventW
SetLastError
SystemTimeToFileTime
FileTimeToSystemTime
OpenProcess
GetVolumePathNameW
CopyFileW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameW
GetVersionExW
WriteFile
RemoveDirectoryW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
GetComputerNameW
CreateProcessW
CreatePipe
Sleep
FindClose
FindNextFileW
FindFirstFileW
ReadFile
CreateFileW
GetNativeSystemInfo
FreeConsole
GetCommandLineA
CreateMutexW
CloseHandle
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
FormatMessageW
HeapSize
GetCurrentThreadId
InitializeCriticalSectionEx
GetModuleHandleExW
HeapFree
GetModuleFileNameA
GetUserDefaultLangID
GetModuleHandleW
LocalFree
DeleteFileW
GetSystemTime
CreateDirectoryW
TerminateThread
WaitForSingleObject
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
GetLastError
WritePrivateProfileStringW
GetPrivateProfileIntW
GetTickCount
GetFileAttributesW
CompareStringEx
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
WaitForSingleObjectEx
GetStringTypeW
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
EncodePointer
gdi32
EqualRgn
MoveToEx
LineTo
GetBkColor
GetRgnBox
PtInRegion
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetCharABCWidthsW
GetTextExtentExPointW
CreateICW
CreateDIBitmap
GetDIBits
CreateDIBSection
ExtCreatePen
GetDIBColorTable
SetDIBColorTable
CreateDCW
EnumFontFamiliesExW
GetSystemPaletteEntries
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
SetAbortProc
StartDocW
EndDoc
StartPage
EndPage
SetGraphicsMode
CreatePen
CreatePatternBrush
CreateHatchBrush
RectInRegion
CreateRectRgnIndirect
CombineRgn
ExtSelectClipRgn
SelectClipRgn
RoundRect
GetTextExtentPoint32W
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolyBezier
Polyline
Polygon
LPtoDP
DPtoLP
ExtTextOutW
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetStretchBltMode
SetROP2
StretchDIBits
StretchBlt
SetPolyFillMode
SetPixel
GetLayout
SetLayout
GetObjectW
DeleteObject
CreateSolidBrush
SelectObject
SetBkMode
SetTextColor
SetBkColor
Rectangle
CreateRectRgn
ExcludeClipRect
GetDeviceCaps
PolyPolygon
Pie
MaskBlt
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
RealizePalette
SelectPalette
GetTextMetricsW
SetBrushOrgEx
GdiFlush
CreateFontIndirectW
GetOutlineTextMetricsW
ExtCreateRegion
GetRegionData
OffsetRgn
GetObjectType
GetGraphicsMode
GetClipBox
ExtFloodFill
Ellipse
BitBlt
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
Arc
SetMapMode
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
comdlg32
PageSetupDlgW
PrintDlgW
ChooseFontW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
uxtheme
IsThemePartDefined
GetThemeBackgroundExtent
GetCurrentThemeName
GetThemeBackgroundContentRect
SetWindowTheme
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeSysFont
IsThemeBackgroundPartiallyTransparent
GetThemeColor
DrawThemeParentBackground
GetThemeMargins
GetThemeFont
IsThemeActive
IsAppThemed
GetThemePartSize
GetThemeInt
GetThemeSysColor
msimg32
GradientFill
AlphaBlend
bcrypt
BCryptGenRandom
iphlpapi
GetAdaptersAddresses
FreeMibTable
GetUnicastIpAddressTable
CancelMibChangeNotify2
Icmp6SendEcho2
Icmp6CreateFile
IcmpSendEcho
IcmpCreateFile
IcmpCloseHandle
GetNetworkParams
GetBestRoute2
IcmpSendEcho2Ex
comctl32
ImageList_Create
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageCount
ImageList_Destroy
ord16
ImageList_ReplaceIcon
ImageList_GetImageInfo
ImageList_Replace
ImageList_SetBkColor
ord17
ImageList_Add
rpcrt4
RpcEpUnregister
UuidFromStringW
UuidToStringW
RpcStringFreeW
Exports
asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2
Sections
.text Size: 5.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 172KB - Virtual size: 459KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 233KB - Virtual size: 233KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ