d16518abb5dc4d76f4f423d02b0b8c99fe5edb89edf3c60ca64ebb2a6879a15e[.]zip

General

Target

d16518abb5dc4d76f4f423d02b0b8c99fe5edb89edf3c60ca64ebb2a6879a15e.zip
Size

30KB
MD5

06e6b71250aeb4876d710c4f76d3b909
SHA1

ee0cc1f97d6cc2e7b85a15a3eb7cb4746cf7285f
SHA256

0a4c3390db9fd74357a1c940f215d8f4260c83f2a2ad23aae77aaae6c514ab17
SHA512

380a515e051509aa7589953f2d3a95740e70ab19a2bfccff69ff2c328313eaf7611c4d64efac49ed931aad3987305219ef55e70426ffce6228648b6cbc713e0d
SSDEEP

384:rPbJcyiCOOhhPhFS29cT73Sh+1eyM1nE0ERRn3uO7u60OMqw4PuSxl4dmLA1rZgA:r9cyi8VFq/SR473ubCMDSxlEmLMdwJ2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d16518abb5dc4d76f4f423d02b0b8c99fe5edb89edf3c60ca64ebb2a6879a15e.exe

Files

d16518abb5dc4d76f4f423d02b0b8c99fe5edb89edf3c60ca64ebb2a6879a15e.zip
.zip

Password: infected
d16518abb5dc4d76f4f423d02b0b8c99fe5edb89edf3c60ca64ebb2a6879a15e.exe
.exe windows:5 windows x86 arch:x86

784a8c5e0b8c181edd21a34b2033106a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
SetFilePointerEx
CloseHandle
lstrlenW
CreateFileW
HeapCreate
GetCurrentProcess
ExitProcess
CreateThread
GetCurrentThread
SetThreadPriority
WaitForMultipleObjects
Sleep
GetLogicalDrives
SetFilePointer
FindClose
lstrcmpiA
lstrcmpiW
ReadFile
lstrcpyW
lstrcatW
GetModuleFileNameW
CreateProcessW
GetEnvironmentVariableW
GetDriveTypeA
GetTempPathW
GetTempFileNameW
SetFileAttributesW
GetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
SetPriorityClass
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
WriteFile
GetFileSizeEx
GetLastError
lstrlenA
GetProcessHeap
HeapFree
HeapReAlloc
lstrcpyA
HeapAlloc

user32

wsprintfA

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegOpenKeyExW

shell32

SHChangeNotify
ShellExecuteExW

ole32

CoCreateGuid

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW

ntdll

_allrem
RtlUnwind
_aulldiv
_alldiv
NtQueryVirtualMemory
_chkstk

Sections

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

784a8c5e0b8c181edd21a34b2033106a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

ntdll

Sections

.rdata Size: 55KB - Virtual size: 54KB

.rdata
Size: 55KB - Virtual size: 54KB