svcready | 7610236144[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7610236144.zip
Size

425KB
MD5

07da6ab0eab9a8e5880c325c53b0b4ef
SHA1

20a63fe9a951230bc2284c595b68b3b715041e3c
SHA256

cdfc273d2ae7dd9f0dc8a0fda6f73692c5e4256f0ab5dca5321a2541e6343a54
SHA512

f07f3b4c783a2123beb47278953c3fcfdb3519edf44d8379851a2f216787498b1a14a8a5acb13221e1df8cf60858a35baf150085876165b9a61fbd154d7a0e18
SSDEEP

6144:os20M7AD3dF7dGAUy6hOwRYXprrEN8cETwORdFqA+Ce68vxpOE7vxXQpTpSR3XZ6:320MEdFwhzRYdHT5Rd3e6MpFvChSJ54

Score

10^/10

svcready

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/ab19f6f01c7e14df1556e786b9cfa57bb7c4a895c5c29782c90c2f366d5ed257	family_svcready

Svcready family
svcready

Files

7610236144.zip
.zip

Password: infected
ab19f6f01c7e14df1556e786b9cfa57bb7c4a895c5c29782c90c2f366d5ed257
.dll regsvr32 windows x86

b252fa8c1dab9e2f02ff9aac282c4e2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetLocalTime
VirtualProtectEx
LocalFree
GetFileSize
ExitProcess
WriteFile
MultiByteToWideChar
GetModuleHandleExA
GetModuleHandleW
WideCharToMultiByte
FormatMessageA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
VirtualFree
VirtualAlloc
FreeLibrary
GetProcAddress
IsBadReadPtr
CloseHandle
CreateFileW
HeapSize
WriteConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateFileA
GetLastError
GetCommandLineA
GetModuleHandleA
LocalAlloc
WaitForSingleObject
SetFilePointer
OutputDebugStringA
GetCurrentProcess
SetLastError
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
GetModuleHandleExW
ReadFile
LoadLibraryExW
RaiseException
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

KillTimer
UpdateWindow
GetCursorPos
wsprintfA
EndPaint
GetMessageA
DispatchMessageA
LoadCursorA
FillRect
CreateWindowExW
RegisterClassExW
LoadStringW
GetClientRect
ShowWindow
GetAsyncKeyState
TranslateAcceleratorA
SetTimer
LoadAcceleratorsA
DefWindowProcA
SetLayeredWindowAttributes
TranslateMessage
SendMessageA
LoadIconA
BeginPaint

gdi32

Ellipse
GetStockObject
SelectObject

Exports

Exports

DllRegisterServer

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b252fa8c1dab9e2f02ff9aac282c4e2c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 300KB - Virtual size: 300KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 300KB - Virtual size: 300KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB