cfdc9cc4f1f491f68af1bec62154927ae5825ad9ffba8fc239341ab0a3f263c0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

cfdc9cc4f1f491f68af1bec62154927ae5825ad9ffba8fc239341ab0a3f263c0.zip
Size

280KB
MD5

b72d3c5bbfc82334842011b6dce41b49
SHA1

e9850c15c04e4e771613f1205c9a524978e9ef9f
SHA256

cfdc9cc4f1f491f68af1bec62154927ae5825ad9ffba8fc239341ab0a3f263c0
SHA512

56886923f9671d91e1610886fe1351cd82fb21c760f4302dcd844d14df094355fcab62139355eb92accaad0cdb02c554d758534ebceefc2e4e50614ba6ca4fdb
SSDEEP

6144:fBs8OHPjz/JFyB5kgezaBWkc8RRZUSv5xyPoZ9aA8kiAy7GEi6W:fBuPPJFyB5kkc6ZUSvPSY8kyw6W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Order Specification Requirement With Ref. AMABINIF38535.exe

Files

cfdc9cc4f1f491f68af1bec62154927ae5825ad9ffba8fc239341ab0a3f263c0.zip
.zip

Password: infected
dc6b7fb2c6963ba1b12de3e5127adc79809e06f89bd06da18cdeb3694f525278.7z
.rar
Order Specification Requirement With Ref. AMABINIF38535.exe
.exe windows:6 windows x86 arch:x86

28f23f3d8e8caef0d96e308e79b83dbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
ReadConsoleInputA
SetEndOfFile
SetEnvironmentVariableA
CreateFileW
OutputDebugStringW
GetFileAttributesExW
CreateProcessA
GetExitCodeProcess
WaitForSingleObject
WriteConsoleW
SetStdHandle
GetProcAddress
EnumSystemLocalesEx
IsValidLocaleName
LCMapStringEx
GetUserDefaultLocaleName
CompareStringEx
SetFilePointerEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount64
QueryPerformanceCounter
GetProcessHeap
LoadLibraryExW
LoadLibraryW
EnumTimeFormatsA
CallNamedPipeA
GetLastError
GetDiskFreeSpaceA
CreateJobObjectA
HeapWalk
HeapReAlloc
SetConsoleActiveScreenBuffer
GetModuleHandleW
TerminateProcess
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
WideCharToMultiByte
GetLocaleInfoEx
MultiByteToWideChar
GetStringTypeW
GetSystemTimeAsFileTime
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCommandLineW
RaiseException
RtlUnwind
HeapFree
InitializeCriticalSectionAndSpinCount
GetCPInfo
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
SetFilePointer
GetStdHandle
GetFileType
InitOnceExecuteOnce
GetStartupInfoW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
HeapSize
IsValidCodePage
GetACP
GetOEMCP
SetLastError
GetCurrentThreadId
ReadFile
ReadConsoleW
GetModuleFileNameW
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
SetConsoleMode

mscms

GetColorProfileElement
RegisterCMMW
CloseColorProfile

winmm

waveOutGetDevCapsW
mmTaskCreate
waveInGetID
waveOutGetVolume

oleaut32

VarR8FromUI2
VarI1FromUI4
VarI1FromDate
SysReAllocString
VarDateFromStr
VarI4FromI2
VarUI4FromDisp
VarBoolFromUI1
VarI1FromDec

mapi32

ord22
ord126
ord152
ord128
ord160
ord36

setupapi

SetupQueueCopyA
SetupDiGetDeviceInterfaceAlias
SetupAddToDiskSpaceListW
SetupOpenInfFileA

imm32

ImmGetGuideLineA
ImmGetCompositionWindow
ImmGetIMCCSize
ImmSetStatusWindowPos
ImmUnlockIMC
ImmNotifyIME
ImmGetCandidateListCountW
ImmDestroyIMCC

ole32

OleConvertOLESTREAMToIStorage
OpenOrCreateStream

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

28f23f3d8e8caef0d96e308e79b83dbf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mscms

winmm

oleaut32

mapi32

setupapi

imm32

ole32

Sections

.text Size: 139KB - Virtual size: 138KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 14KB - Virtual size: 22KB

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 139KB - Virtual size: 138KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 14KB - Virtual size: 22KB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 35KB - Virtual size: 35KB