e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5[.]zip

General

Target

e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.zip
Size

30KB
MD5

d67e675cc634fa64bdae8e3801b2eb30
SHA1

0e9bb20ddb422621c3349b9a8bb2dcfdaff40b08
SHA256

7230ed28d9881355ee196933dbc1f280059f14e8efd45d4b555f444bb083e95a
SHA512

e76c5cc643c97f315c20a408856f5902174340a2d1c33679f12ffc2aede0dced35cfba4f5eee9d39c14e4a920dca8f7943d0f2cb5a0199a65f09955e350c1cae
SSDEEP

768:jsktApcBPc5tCtsT2tY48OOStgC/CtddaGq9Sv:jsgpBPgCyT2VFGdJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe

Files

e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.zip
.zip

Password: infected
e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
.exe windows:5 windows x86 arch:x86

ba2ce247fa49357770ce28f139e2f1ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointerEx
CloseHandle
lstrlenW
CreateFileW
HeapCreate
GetCurrentProcess
ExitProcess
CreateThread
GetCurrentThread
SetThreadPriority
WaitForMultipleObjects
Sleep
GetLogicalDrives
SetFilePointer
FindClose
lstrcmpiA
lstrcmpiW
lstrcpyA
ReadFile
lstrcatW
GetModuleFileNameW
CreateProcessW
GetEnvironmentVariableW
GetDriveTypeA
GetTempPathW
GetTempFileNameW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
SetPriorityClass
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
WriteFile
GetFileSizeEx
GetLastError
lstrlenA
GetProcessHeap
HeapFree
HeapReAlloc
lstrcpyW
HeapAlloc

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW

shell32

SHChangeNotify
ShellExecuteExW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathAddBackslashW

ntdll

_aulldiv
_alldiv
_allrem
_chkstk
RtlUnwind
NtQueryVirtualMemory

Sections

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

ba2ce247fa49357770ce28f139e2f1ab

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

ntdll

Sections

.rdata Size: 54KB - Virtual size: 54KB

.rdata
Size: 54KB - Virtual size: 54KB