f48ac20973b5932872ff416d6a5a195129844f310ba6ee761e932f5f8510aad0[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f48ac20973b5932872ff416d6a5a195129844f310ba6ee761e932f5f8510aad0.zip
Size

172KB
MD5

c756850e99d98fa0d2253a6a0ee61cc6
SHA1

5adfbd1e7bd47171a7cc55e6836603096183c56d
SHA256

f48ac20973b5932872ff416d6a5a195129844f310ba6ee761e932f5f8510aad0
SHA512

ff03e1d6bd1fc0b2893c14393524ea6d15f42a7033dd63e1e619deea163f51c930efd1c184cb9f008e19a5bf30557db5ed89303d6f9c5cf20132a103bf5f5c39
SSDEEP

3072:0TLDOZizCUrIa2ccTxgwqllxYWekY5Xtw5BX88z5sK2zJ6FWDPUn:0TnOZi+O7kxq1YWRYjAX8S1uJ6AIn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/INQ-985346.exe

Files

f48ac20973b5932872ff416d6a5a195129844f310ba6ee761e932f5f8510aad0.zip
.zip

Password: infected
8330a22dc0d05221740fed56f79e621cff84da4bada55ae28af13d105b0b4d3a.iso
.iso
INQ-985346.exe
.exe windows:5 windows x86 arch:x86

45975034e00fefffc0af937ae0a3f625

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
IsValidCodePage
GetCPInfo
HeapFree
Sleep
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapAlloc
HeapReAlloc
GetOEMCP
VirtualProtect
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
InterlockedDecrement
GetLastError
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsProcessorFeaturePresent
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

ws2_32

socket
WSASocketW
WSAStringToAddressA
htons
WSAEnumNameSpaceProvidersW

avifil32

EditStreamSetInfoA
AVIStreamInfo

msvfw32

DrawDibOpen
ICInfo
ICDraw
DrawDibStart
ICDecompress
ICClose

gdi32

SelectClipRgn
DescribePixelFormat
SetDCBrushColor
ExtSelectClipRgn
Polygon
GetNearestPaletteIndex
SetDIBits
GetFontUnicodeRanges
DrawEscape
GetCharABCWidthsFloatA
GetEnhMetaFileBits

shlwapi

PathCompactPathW
ord432
UrlIsW
StrChrIA
PathFindFileNameW

mpr

WNetGetResourceInformationW
WNetOpenEnumW
WNetEnumResourceA
WNetGetNetworkInformationA
WNetGetUniversalNameW
WNetDisconnectDialog1W

resutils

ResUtilGetProperty
ResUtilGetResourceDependency
ResUtilGetAllProperties
ResUtilResourcesEqual
ResUtilFindSzProperty
ResUtilSetBinaryValue

netapi32

NetAuditRead
NetAccessGetUserPerms

wsnmp32

ord600
ord601
ord500

rpcrt4

I_RpcMapWin32Status

usp10

ScriptLayout

winmm

mmioDescend
waveOutSetVolume

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

45975034e00fefffc0af937ae0a3f625

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

avifil32

msvfw32

gdi32

shlwapi

mpr

resutils

netapi32

wsnmp32

rpcrt4

usp10

winmm

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 135KB - Virtual size: 138KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 135KB - Virtual size: 138KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 2KB - Virtual size: 2KB