e1f60b891005dfd0f6738444406c8e57d644cc3ce0154f8d17454c886637dfbd[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

e1f60b891005dfd0f6738444406c8e57d644cc3ce0154f8d17454c886637dfbd.7z
Size

99KB
MD5

24d6200beec0688a60e26adfa1a2cf74
SHA1

5e7367a5e61d07fa02307ed54c2b19392cf29218
SHA256

09030fed4da9362dcdd9817e2837ee78927dd17c3cf24abfc7874d278fe67853
SHA512

7027396c1bf7c657bf6654141bcfefe2c77222060a67cc1c56070ea2fc65c73026939d0f5edb0ec232a70916f7db4415be5dbd76f2923d964d4ac37b6335b6b4
SSDEEP

3072:mOEvOZun6oWE0UBop6AAJRwBbN2Rwf5NE/iM:qvgXRE0UGwlQBbN2mE/iM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/e1f60b891005dfd0f6738444406c8e57d644cc3ce0154f8d17454c886637dfbd

resource
unpack001/e1f60b891005dfd0f6738444406c8e57d644cc3ce0154f8d17454c886637dfbd

Files

e1f60b891005dfd0f6738444406c8e57d644cc3ce0154f8d17454c886637dfbd.7z
.7z

Password: infected
e1f60b891005dfd0f6738444406c8e57d644cc3ce0154f8d17454c886637dfbd
.exe windows:6 windows x86 arch:x86

Password: infected

fe0f3a59ae2294c4975f5eca0d194084

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetKeyboardType
GetCursorPos
GetMenuItemRect
GetFocus
BeginDeferWindowPos

rpcrt4

I_RpcServerSetAddressChangeFn

wininet

InternetOpenUrlW

gdi32

PaintRgn
SetBitmapDimensionEx

kernel32

ReadFile
CancelSynchronousIo
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessInJob
GlobalAlloc
GetTapeStatus
TlsFree
GetLastError
GetTickCount

oleaut32

VarCyFromI1

Sections

.crt
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4KB - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WET_J
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

43B
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

o
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

fe0f3a59ae2294c4975f5eca0d194084

Headers

DLL Characteristics

File Characteristics

Imports

user32

rpcrt4

wininet

gdi32

kernel32

oleaut32

Sections

.crt Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.text Size: 4KB - Virtual size: 182B

WET_J Size: 36KB - Virtual size: 34KB

43B Size: 28KB - Virtual size: 24KB

CODE Size: 20KB - Virtual size: 16KB

o Size: 28KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 456B

.crt
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.text
Size: 4KB - Virtual size: 182B

WET_J
Size: 36KB - Virtual size: 34KB

43B
Size: 28KB - Virtual size: 24KB

CODE
Size: 20KB - Virtual size: 16KB

o
Size: 28KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 456B