PDB path: c:\course\East\692\Other\swim\mix.pdb
Static task: static1
Behavioral task: behavioral1
Sample: e652e4656e036887ef4b145b2eb9bfd92e908889302e42a9ca74e66ed1ac64a7.dll
Resource: win7-20240729-en
General
Target: 9ed94544b25b090f7792a9ded142232a9decebca664a9e534f9540adf070bd3c.zip (the submitted archive; the size and hashes below are of the .zip, not of the extracted DLL)
Size: 574KB
MD5: 4b2f9980b0ac21d12ae0452955cd6be4
SHA1: 06e304804d16c37152d3a14316eabb1f4137b24b
SHA256: 9ed94544b25b090f7792a9ded142232a9decebca664a9e534f9540adf070bd3c
SHA512: 6d9ef353ef462346abad2b683ef098809fb94dccac4ca1f95ca4bc1bf79279b7d4fa3d1d0fd9f185151c0f6bd79a8131e42d09b8b9e8fba89ba09b7d12f9bb7a
SSDEEP: 12288:LD8zHyAGqNiRxJYdAWbSPlBPTrHBgZCJRqC1z9aFv:UWOSxJYdAWbYBPnBDSC1paR
Malware Config
Signatures
Unsigned PE (1 IoC): the file carries no Authenticode signature.
Matched resource: unpack001/e652e4656e036887ef4b145b2eb9bfd92e908889302e42a9ca74e66ed1ac64a7.dll
Files
9ed94544b25b090f7792a9ded142232a9decebca664a9e534f9540adf070bd3c.zip (zip, password: infected)
e652e4656e036887ef4b145b2eb9bfd92e908889302e42a9ca74e66ed1ac64a7.dll (windows:4 windows x86 arch:x86)
da12150bad5f9068dde2dc0c7e127fab
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
VirtualProtectEx
SetConsoleOutputCP
SetConsoleCP
GetModuleFileNameW
CreateSemaphoreW
GetWindowsDirectoryW
VirtualProtect
EnterCriticalSection
GetVolumeInformationW
InitializeCriticalSection
GetTickCount
CloseHandle
DeleteFileW
CopyFileW
GetStartupInfoW
CreateProcessW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
DeleteCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCPInfo
GetLastError
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetACP
GetOEMCP
FatalAppExitA
ExitProcess
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
GetLocaleInfoW
ReadFile
WriteConsoleA
GetConsoleOutputCP
SetEnvironmentVariableA
user32
ExitWindowsEx
EndDeferWindowPos
InflateRect
IntersectRect
gdi32
MoveToEx
SetBkMode
LineTo
IntersectClipRect
comdlg32
ChooseColorW
GetOpenFileNameA
ChooseFontW
GetFileTitleW
GetSaveFileNameW
comctl32
ImageList_GetImageCount
ImageList_Create
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_GetDragImage
ImageList_EndDrag
cabinet
ord13
ord14
ord10
ord11
gpedit
DeleteAllGPOLinks
ImportRSoPData
CreateGPOLink
BrowseForGPO
Exports
Lotall
Map
Movehere
Sections
name    size (raw)  virtual size  characteristics
.text   820KB       816KB         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data   8KB         16.1MB        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   4KB         944B          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  52KB        51KB          IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
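Reproducing the static findings above outside the sandbox, as an added example that is not part of this report or of the sandbox's own code: a stdlib-only Python script that parses the COFF header, the Security data directory (where an Authenticode certificate table lives, so an empty entry is what the "Unsigned PE" signature detects) and the section table, and flags sections whose VirtualSize far exceeds SizeOfRawData. The loader zero-fills that difference, so a .data section with 8KB on disk and 16.1MB in memory is room for content that exists only at run time, a layout common to packed binaries. The sample itself is not available here, so the script builds a minimal PE32 DLL whose header values mirror this report's; the rounded sizes, the ratio threshold of 4 and the build_pe/triage helper names are assumptions of the example.

```python
"""Minimal PE header triage, stdlib only: parses the COFF header, the Security
data directory (where an Authenticode certificate table lives) and the section
table, then flags an unsigned image and sections whose VirtualSize dwarfs their
SizeOfRawData. Test input is constructed below from the report's header values;
it is NOT the analysed sample."""
import struct

IMAGE_FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
IMAGE_SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                   0x02000000: "IMAGE_SCN_MEM_DISCARDABLE", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                   0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table; its "VirtualAddress" is a file offset


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the COFF header, Security data directory and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, opt_size, characteristics = struct.unpack_from("<2xH12xHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_off = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)  # data directories: PE32 / PE32+
    if dd_off is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dirs = struct.unpack_from("<I", data, dd_off - 4)[0]  # NumberOfRvaAndSizes
    security = (0, 0)
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, tbl = [], opt + opt_size
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, flags = struct.unpack_from(
            "<8sIIII12xI", data, tbl + 40 * i)
        if rawptr + rawsize > len(data):
            raise ValueError("section %r raw data runs past end of file" % name)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr, "raw_size": rawsize,
                         "raw_ptr": rawptr, "flags": flag_names(flags, IMAGE_SCN_FLAGS)})
    return {"characteristics": flag_names(characteristics, IMAGE_FILE_CHARACTERISTICS),
            "security_dir": tuple(security), "sections": sections}


def has_authenticode(pe):
    """True when the Security directory has a non-zero size, i.e. a certificate table exists."""
    return pe["security_dir"][1] != 0


def oversized_sections(pe, ratio=4):
    """Sections with VirtualSize >= ratio * SizeOfRawData (a real .bss matches too: a lead, not a verdict)."""
    return [s["name"] for s in pe["sections"] if s["virtual_size"] >= ratio * max(s["raw_size"], 1)]


def triage(data):
    pe = parse_pe(data)
    return {"characteristics": pe["characteristics"], "authenticode": has_authenticode(pe),
            "oversized": oversized_sections(pe)}


def build_pe(sections, signed=False):
    """Build a minimal PE32 DLL as test data (not the sample). sections: (name, vsize, rawsize, flags)."""
    file_align, sect_align, opt_size = 0x200, 0x1000, 224
    hdr_size = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // file_align) * file_align
    table, raw, rawptr, vaddr = b"", b"", hdr_size, sect_align
    for name, vsize, rawsize, flags in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, rawsize,
                             rawptr, 0, 0, 0, 0, flags)
        raw += b"\0" * rawsize
        rawptr += rawsize
        vaddr += -(-max(vsize, rawsize, 1) // sect_align) * sect_align
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<II", opt, 56, vaddr, hdr_size)      # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                     # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    cert = b""
    if signed:  # dummy WIN_CERTIFICATE header (dwLength, wRevision 0x200, type 2 = PKCS#7) + padding
        cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\0" * 8
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, hdr_size + len(raw), len(cert))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)  # i386, EXE|32BIT|DLL
    return (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(hdr_size, b"\0") + raw + cert


# Section table mirroring the report (constructed from the KB/MB values shown, zero-filled bodies).
REPORT_SECTIONS = [(b".text", 816 * 1024, 820 * 1024, 0x60000020),   # CODE|EXECUTE|READ
                   (b".data", 16100 * 1024, 8 * 1024, 0xC0000040),   # INIT_DATA|READ|WRITE: 16.1MB vs 8KB
                   (b".rsrc", 944, 4 * 1024, 0x40000040),            # INIT_DATA|READ
                   (b".reloc", 51 * 1024, 52 * 1024, 0x42000040)]    # INIT_DATA|DISCARDABLE|READ

if __name__ == "__main__":
    for key, value in triage(build_pe(REPORT_SECTIONS)).items():
        print(f"{key}: {value}")
```

To run it against a real file use triage(open(path, "rb").read()) and compare the section names, flags and the authenticode result with the report. A non-empty Security directory only proves a certificate blob is present; whether the signature is valid and chains to a trusted root needs a separate check (for example signtool verify /pa or Get-AuthenticodeSignature on Windows).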