Mic[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Mic.zip
Size

436KB
MD5

08147a7e19487e4e3bef1a2ddc5a1783
SHA1

596a806ac2076a04725b7b79cde355e012ef8d32
SHA256

5a0614e38835275d9f51c7173e9043e1cfa604d16d2fce5c5fb827e20faca205
SHA512

27c9acb04e0719073032ac159f633ef366da8d97340d2b232248adc8e2cdf146d8d11b1f1770b1652f7d9499cce2fc3ad2e28c21b892eea435e64cfe71ef9052
SSDEEP

12288:hEjrTCn/vjeQefFHnz9hmpg3XsTB6yNhTyMT6JXkHvCs:ar2n/vQHig3X0yMT6Bq

Score

N/A

Malware Config

Signatures

Files

Mic.zip
.zip
MicSsrv.dll
.dll windows x86

f090e50595c30ca2ceb2f081183b0d86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
GetUserNameW
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource

user32

GetProcessWindowStation
PeekMessageW
PostThreadMessageW
MessageBoxA
wsprintfW
GetUserObjectInformationW
GetDesktopWindow
wsprintfA

ws2_32

closesocket
connect
gethostbyname
getsockname
htonl
htons
inet_ntoa
ioctlsocket
select
send
shutdown
socket
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
recv

msvcr80

_getch
strncmp
_errno
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
free
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
_vsnprintf
_wtoi
_purecall
strcmp
wcscat
wcsncmp
srand
rand
_time64
memmove
strcpy
wcsstr
sprintf
_stricmp
atoi
_strnicmp
strlen
strstr
_itow
_swprintf
__RTDynamicCast
_waccess
wcslen
__CxxFrameHandler3
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
memset
signal
fputs
_gmtime32
isupper
_stat32
isxdigit
_wfopen
fgets
fseek
feof
ftell
_fileno
_setmode
fopen
fflush
fwrite
fread
ferror
fclose
isdigit
isspace
tolower
malloc
realloc
raise
_exit
vfprintf
getenv
sscanf
strtoul
qsort
strerror
strncpy
strchr
_ftime32
__iob_func
fprintf
_time32

netapi32

NetWkstaGetInfo
NetApiBufferFree

kernel32

FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
GetModuleHandleA
SetLastError
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
lstrcpynA
lstrlenA
ResumeThread
GetExitCodeThread
TerminateThread
PeekNamedPipe
TerminateProcess
FreeConsole
CreateThread
CreateMutexW
GetVolumeInformationW
SetErrorMode
DisableThreadLibraryCalls
ExitProcess
GetWindowsDirectoryA
GetModuleFileNameA
CreateFileA
lstrcatA
FindResourceA
LockResource
SetEvent
InterlockedExchangeAdd
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
GetLocalTime
LoadLibraryA
GetVersionExW
GetTickCount
GetModuleHandleW
GetCurrentProcess
MultiByteToWideChar
LoadLibraryW
GetProcAddress
MoveFileW
Sleep
ReadFile
GetLogicalDriveStringsW
GetDriveTypeW
FreeLibrary
CreateProcessW
WaitForSingleObject
lstrcpyW
lstrcatW
FindFirstFileW
FindNextFileW
FindClose
GetLastError
lstrlenW
GetModuleFileNameW
GetFileAttributesW
DeleteFileW
CreateDirectoryW
CreateFileW
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
CloseHandle
WriteFile
SetFilePointer

shell32

SHFileOperationW
ShellExecuteW

Exports

Exports

LGBT_GetCoreCceConnectTnfo
Servicetain

Sections

.text
Size: 588KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rundll32_86.exe
.exe windows x86

ef8a44fe2f9ad4ab85e55004aaa024a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSetInformation
QueryActCtxW
CloseHandle
SetFilePointer
ReadFile
CreateFileW
LocalFree
lstrlenA
WideCharToMultiByte
LocalAlloc
lstrlenW
GetProcAddress
WaitForSingleObject
CreateProcessW
GetCommandLineW
Wow64EnableWow64FsRedirection
GetSystemDirectoryW
GetNativeSystemInfo
IsWow64Process
GetCurrentProcess
SetProcessDEPPolicy
FormatMessageW
GetLastError
LoadLibraryExW
FreeLibrary
ExitProcess
SetErrorMode
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
Sleep
GetStartupInfoW
InterlockedExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
CompareStringW
ReleaseActCtx
DeactivateActCtx
GetFileAttributesW
SearchPathW
CreateActCtxW
GetModuleHandleW
ActivateActCtx

user32

LoadIconW
CharNextW
DefWindowProcW
GetClassLongW
GetClassNameW
GetWindow
GetWindowLongW
SetWindowLongW
SetClassLongW
CreateWindowExW
RegisterClassW
LoadCursorW
LoadStringW
MessageBoxW
DestroyWindow

msvcrt

iswalpha
_wtoi
wcschr
__wgetmainargs
memset
_vsnwprintf
__set_app_type
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit

imagehlp

ImageDirectoryEntryToData

ntdll

NtClose
NtOpenProcessToken
NtSetInformationToken
RtlImageNtHeader
NtSetInformationProcess
NtQueryInformationToken

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f090e50595c30ca2ceb2f081183b0d86

Headers

File Characteristics

Imports

advapi32

user32

ws2_32

msvcr80

netapi32

kernel32

shell32

Exports

Exports

Sections

.text Size: 588KB - Virtual size: 586KB

.rdata Size: 212KB - Virtual size: 211KB

.data Size: 36KB - Virtual size: 284KB

.rsrc Size: 16KB - Virtual size: 13KB

.reloc Size: 44KB - Virtual size: 41KB

ef8a44fe2f9ad4ab85e55004aaa024a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

imagehlp

ntdll

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 952B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 592B

.text
Size: 588KB - Virtual size: 586KB

.rdata
Size: 212KB - Virtual size: 211KB

.data
Size: 36KB - Virtual size: 284KB

.rsrc
Size: 16KB - Virtual size: 13KB

.reloc
Size: 44KB - Virtual size: 41KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 952B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 592B