bum[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

bum.zip
Size

2.2MB
MD5

d5e0431ab359e5c7ac4815aa89149baa
SHA1

69fcd8049d1c6b4153db99ad8a3d31889de623ec
SHA256

83b4e47778f67b87714f0f7f3071b72e88582cfb324b6d5ca031213311ad6ae2
SHA512

d1f2740f3c262cd5b2ae9360f1ecb8c172a0767716946b70e3ca851fb86a150c1c3bae2e8066edcf688e459793b59e0957294427a000c5eebc61b2a4beefb9f4
SSDEEP

49152:OoF1x9TNdS1CnijfZ8PmuWBRKplgJzrgzcT65FHCO3lNe7+B0:j1xfdS1SMSPmuGAlgJXgzcKCeo7H

Score

N/A

Malware Config

Signatures

Files

bum.zip
.zip
run.bat
stirring.dll
.dll windows x64

c82181455402c64a63154d973a0a3184

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileInformationByHandle
ReadFile
SetFilePointer
SetFileTime
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
CreateThread
GetCurrentThread
GetCurrentThreadId
OpenThread
GetModuleFileNameA
GetModuleHandleA
SwitchToFiber
DeleteFiber
CreateFiber
CreateNamedPipeA
WaitNamedPipeA
CreateActCtxA
ActivateActCtx
DeactivateActCtx
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceFrequency
CompareStringW
LCMapStringW
FindFirstFileExA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetStdHandle
GetFileType
GetStringTypeW
HeapReAlloc
RaiseException
HeapSize
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW

Exports

Exports

PhgsF64517
ctrlrun

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 871KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c82181455402c64a63154d973a0a3184

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 240KB - Virtual size: 240KB

.rdata Size: 2.6MB - Virtual size: 2.6MB

.data Size: 871KB - Virtual size: 878KB

.pdata Size: 6KB - Virtual size: 6KB

.gfids Size: 512B - Virtual size: 156B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 240KB - Virtual size: 240KB

.rdata
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 871KB - Virtual size: 878KB

.pdata
Size: 6KB - Virtual size: 6KB

.gfids
Size: 512B - Virtual size: 156B

.reloc
Size: 3KB - Virtual size: 3KB