svcready | 7938116178[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

7938116178.zip
Size

425KB
MD5

a27827ff2edf4b9306fdd3e391c5b6d4
SHA1

72c9753d7baa9b589295b0eea5cd59260b4a3097
SHA256

9a023260b3534ed87d0a5cf9860a48327d53fdb9cc052a7fee7e7fcf363a59dd
SHA512

7155435c3e5cdd600ac9e960b7fd55d13b45eb1a8534bebfc9931de37252f5b110a61cd8c47a9050e347e4d617887a36f1ddb8b6a89d2d14adfa5e05e9e57118
SSDEEP

12288:PWgyyEPGAP/MbEtACJhTk7gycI5MO7YEfLZE0GFigGv7nS:PWgyyEZ/MbE2+G0zI7YoG8gGv7nS

Score

10^/10

svcready

Malware Config

Signatures

Detects SVCReady loader 1 IoCs

resource	yara_rule
static1/unpack001/b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48	family_svcready

Svcready family
svcready

Files

7938116178.zip
.zip

Password: infected
b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48
.dll regsvr32 windows x86

4661689ad648304cfad7c2267b96734a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetFileSize
ExitProcess
WriteFile
MultiByteToWideChar
GetModuleHandleExA
GetModuleHandleW
WideCharToMultiByte
FormatMessageA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
VirtualFree
VirtualAlloc
FreeLibrary
GetProcAddress
IsBadReadPtr
VirtualProtectEx
HeapSize
WriteConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocalTime
CreateThread
CloseHandle
CreateFileA
GetLastError
Sleep
GetCommandLineA
GetModuleHandleA
LocalAlloc
WaitForSingleObject
SetFilePointer
OutputDebugStringA
SetLastError
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
GetModuleHandleExW
CreateFileW
ReadFile
LoadLibraryExW
RaiseException
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind

user32

KillTimer
UpdateWindow
GetCursorPos
wsprintfA
EndPaint
GetMessageA
DispatchMessageA
LoadCursorA
FillRect
CreateWindowExW
RegisterClassExW
LoadStringW
GetClientRect
ShowWindow
GetAsyncKeyState
TranslateAcceleratorA
SetTimer
LoadAcceleratorsA
DefWindowProcA
SetLayeredWindowAttributes
TranslateMessage
SendMessageA
LoadIconA
BeginPaint

gdi32

Ellipse
GetStockObject
SelectObject

Exports

Exports

DllRegisterServer

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4661689ad648304cfad7c2267b96734a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 300KB - Virtual size: 300KB

.rsrc Size: 480B - Virtual size: 480B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 300KB - Virtual size: 300KB

.rsrc
Size: 480B - Virtual size: 480B

.reloc
Size: 10KB - Virtual size: 10KB