f996f60603519fb183271788ec8dcdf12f8a6430cfd0cbc924a30353cabe2537[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

f996f60603519fb183271788ec8dcdf12f8a6430cfd0cbc924a30353cabe2537.zip
Size

72KB
MD5

e35d09e6a523804d94247ec5046f0924
SHA1

5b3fde4fc5c02b5465617fee162a2b04d955c78f
SHA256

f996f60603519fb183271788ec8dcdf12f8a6430cfd0cbc924a30353cabe2537
SHA512

9041894343bba35301698ae3a81311a04e1d9575a2e35a717f904522d6715b52415a608af4d440a93d7618a9af8f5e99f37ff049c1f0ee86e1fdef4ddf2ac4cd
SSDEEP

1536:htiGyk+5B5T1QwnkxDNjIKfRd4m49P12JQ7r6SYWgHjYSPgDBgVfD:ht/lkB1teNjx6bP10bygHjZVV7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2.exe

Files

f996f60603519fb183271788ec8dcdf12f8a6430cfd0cbc924a30353cabe2537.zip
.zip

Password: infected
07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2.exe
.dll regsvr32 windows:4 windows x86 arch:x86

37a5eed1a16598aca7a2b35d466fc075

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCreateKeyExA
RegDeleteKeyW
SetEntriesInAclW
GetLengthSid
RegisterEventSourceW
RegOpenKeyW
StartServiceW
CopySid
QueryServiceStatus
IsValidSid
RegSetValueExW
RegCloseKey
InitializeSecurityDescriptor
RegEnumKeyExW
OpenProcessToken
OpenSCManagerW
RegQueryInfoKeyW
RegOpenKeyExA
RegCreateKeyExW
AllocateAndInitializeSid
RegDeleteValueW
RegDeleteKeyA
RegOpenKeyExW
RegEnumValueA
RegQueryValueExW
GetTokenInformation
DeregisterEventSource
OpenServiceW
SetSecurityDescriptorDacl
ReportEventW
CloseServiceHandle
RegQueryInfoKeyA
RegSetValueExA
RegEnumValueW
FreeSid

kernel32

VirtualProtect
FlushViewOfFile
GetSystemDefaultLCID
SwitchToThread
CreateDirectoryW
SetUnhandledExceptionFilter
TerminateProcess
WideCharToMultiByte
GetCurrentProcess
SetLastError
TryEnterCriticalSection
LocalFree
SetFilePointer
InterlockedDecrement
lstrcmpW
LoadLibraryW
GetProcAddress
CreateMutexW
FormatMessageW
ReleaseMutex
lstrcmpiW
DeleteFileW
FreeLibrary
CreateSemaphoreW
InterlockedIncrement
MoveFileExW
GetLastError
UnhandledExceptionFilter
WaitForSingleObject
CreateFileMappingW
lstrcpyW
DeleteCriticalSection
SetEvent
GetVersionExW
MapViewOfFile
OpenEventW
InterlockedCompareExchange
GetSystemTime
lstrcatW
UnmapViewOfFile
QueryPerformanceCounter
InitializeCriticalSection
GetCurrentThreadId
GetLocaleInfoW
GetCurrentProcessId
GetTickCount
EnterCriticalSection
ExpandEnvironmentStringsW
LeaveCriticalSection
GetVersionExA
CreateFileW
ResetEvent
lstrlenW
WriteFile
CloseHandle
CreateFileA
ReleaseSemaphore
lstrlenA
WaitForMultipleObjects
GetVersion
GetModuleFileNameW
CreateEventW

loadperf

LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW

msvcrt

memcpy
wcschr
memset
?terminate@@YAXXZ
_CxxThrowException
wcsrchr
_onexit
_initterm
mbstowcs
__CxxFrameHandler
wcslen
_wtol
realloc
wcsstr
__dllonexit
free
malloc

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitializeEx

user32

CharNextW
LoadStringW
wsprintfW

Exports

Exports

Unrenounced
DllRegisterServer
Remancipate
Identicalness
Forevalue
DllUnregisterServer
Chthonic
Thoughted
DllGetClassObject
Amoralize
Overmature
DllCanUnloadNow
Handcraft
Ophioglossales

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

37a5eed1a16598aca7a2b35d466fc075

Headers

File Characteristics

Imports

advapi32

kernel32

loadperf

msvcrt

ole32

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 89KB - Virtual size: 108KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 89KB - Virtual size: 108KB

.reloc
Size: 1KB - Virtual size: 1KB