dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip
Size

452KB
MD5

092925aa5abb06b9b20b5289617bac6f
SHA1

6d376fe9b8b246e9d5e8e3c68682e30d4fb31121
SHA256

6f1c462bcd1e30bb6affc20d6da7b3ae9bb5ed55edf66cac243270d421ec6b63
SHA512

faa10b2b5ff48fe19d07e2e17a25deb2cf9b4f3f2ea23be4e2e27d0f980df952b71287ee634631f3683b4cab8489b822bdb049968a38e3b51bf018621ae6d1a3
SSDEEP

6144:FEy/IJy75gWf9TM2kF62AeiK2ZWe5Y7lxrBvWZExGxeY5liOIEWVJFvDNHOD1iYQ:R5gWOtQKNeMCixGxH5l+ESJ9Do1H8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll

resource
unpack001/dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll

Files

dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.zip
.zip

Password: infected
dd2b6e3aa75de8460730862f2dc739537734a7dfc9e673b6a23ee58430348ddf.dll
.dll windows:6 windows x86 arch:x86

Password: infected

55f1ba0b782341fa929d61651ef47f0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Jenkins\workspace\Osprey\Osprey_5.01\output\app\symbol\Win32\Release\TmopphDns.pdb

Imports

kernel32

WideCharToMultiByte
CreateDirectoryA
Sleep
LocalFree
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WriteConsoleW
GetProcAddress
ResetEvent
CloseHandle
LoadLibraryA
SetEvent
GetLastError
MultiByteToWideChar
OpenEventW
GetModuleFileNameW
GetShortPathNameW
SetLastError
OpenEventA
GetModuleFileNameA
GetShortPathNameA
EnterCriticalSection
GetVersionExA
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
FormatMessageW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetCurrentThread
GetFileAttributesExW
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
DeleteFileW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
OutputDebugStringW

advapi32

GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
RegisterTraceGuidsA
GetSecurityDescriptorSacl
SetEntriesInAclA
GetSecurityDescriptorDacl
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorA
TraceMessage
GetNamedSecurityInfoA
SetSecurityInfo
ConvertStringSidToSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

Exports

Exports

TmphCreateCtx
TmphCreateCtxEx
TmphDisconnectAllSessions
TmphExit
TmphFreeContext
GetModuleProp
TmphInit
TmphIsSupport
GetModul
GetModuleP
HetModuleProp
GetModulePro

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

55f1ba0b782341fa929d61651ef47f0c

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 209KB - Virtual size: 209KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 209KB - Virtual size: 209KB

.reloc
Size: 21KB - Virtual size: 21KB