copyright[.]zip

Resubmissions

05/12/2022, 19:24

221205-x4llqsha79 3

05/12/2022, 19:21

221205-x2v3dsbh2z 3

Sharing

Copy URL

Twitter E-mail

General

Target

copyright.zip
Size

52.9MB
MD5

a554a119bfbff367d6c2f55196a95cb8
SHA1

996896f7c69dba054e505d1d7a7be8426817663d
SHA256

a1b2e555d2e370c141f02fd05fe12271b1256dd34464dd74ed0e308e978dfc00
SHA512

b25d9b5284fc82aac1716b3835a34d44ce2cba4fa3d904766c119b6ec563b2b6684479e628fdd2b3a3311073ca395365976edee81e7cad0a3603f5531f53c5a6
SSDEEP

786432:DggLi93JhnZNg8nfVLvJu3dgVk4den+xlUvD007Zh8/AbPDAx4R0HS6QMDbmD/H:UFzNVL9djLM7lh5y2/MDq

Score

N/A

Malware Config

Signatures

Files

copyright.zip
.zip
CMPCopyrightNotice.pdf
.pdf
mcbuilder.exe
.exe windows x64

cbaa66cfe978723c5b1cd0a8f75d7629

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegDeleteValueW
RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
AdjustTokenPrivileges
PrivilegeCheck
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegEnumValueW
RegOpenKeyExW
RegFlushKey
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
GetSystemTimeAsFileTime
GetSystemPreferredUILanguages
SystemTimeToFileTime
GetSystemTime
LoadLibraryW
GetFileTime
SizeofResource
LockResource
LoadResource
FindResourceW
GetVersionExW
GetSystemDirectoryW
MoveFileExW
CreateDirectoryW
GetFileAttributesW
FlushViewOfFile
RemoveDirectoryW
LocalFree
GetDiskFreeSpaceExW
DeviceIoControl
DeleteFileW
GetLastError
LCIDToLocaleName
FindClose
EnumUILanguagesW
GetSystemDefaultUILanguage
FindNextFileW
FindFirstFileW
FreeResource
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetStdHandle
WriteFile
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
GetStringTypeW
SetLastError
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
CloseHandle
GetFileType
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
IsValidLocale
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CompareStringW
LCMapStringW
CreateFileW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
WriteConsoleW
RaiseException
FlsAlloc
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemWindowsDirectoryW
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
GetFileAttributesExW
SetFileAttributesW
ExpandEnvironmentStringsW
GlobalMemoryStatusEx

ntdll

RtlInitUnicodeString
NtUnmapViewOfSection
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlFreeHeap
RtlExpandEnvironmentStrings
RtlReAllocateHeap
RtlGetSystemPreferredUILanguages
EtwEventEnabled
RtlAllocateHeap
NtMapViewOfSection
RtlNtStatusToDosError
RtlUnicodeStringToInteger

wkscli

NetGetJoinInformation

netutils

NetApiBufferFree

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrmcoreR.dll
.dll regsvr32 windows x64

226f212fbd387a85e62b6b9643a59251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile

msvcrt

__iob_func
_amsg_exit
_beginthread
_errno
_initterm
_lock
_unlock
abort
calloc
fprintf
free
fwrite
malloc
realloc
signal
strlen
strncmp
vfprintf

Exports

Exports

DllGetClassObject
DllRegisterServer
DllUnregisterServer
MergeSystemPriFiles
Run
_cgo_dummy_export

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 69.8MB - Virtual size: 69.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 369KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 211B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

cbaa66cfe978723c5b1cd0a8f75d7629

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

wkscli

netutils

Sections

.text Size: 203KB - Virtual size: 202KB

PAGELK Size: 6KB - Virtual size: 6KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 13KB - Virtual size: 19KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

226f212fbd387a85e62b6b9643a59251

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.data Size: 102KB - Virtual size: 102KB

.rdata Size: 69.8MB - Virtual size: 69.8MB

.pdata Size: 1024B - Virtual size: 744B

.xdata Size: 1024B - Virtual size: 556B

.bss Size: - Virtual size: 369KB

.edata Size: 512B - Virtual size: 211B

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 203KB - Virtual size: 202KB

PAGELK
Size: 6KB - Virtual size: 6KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 13KB - Virtual size: 19KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 102KB - Virtual size: 102KB

.rdata
Size: 69.8MB - Virtual size: 69.8MB

.pdata
Size: 1024B - Virtual size: 744B

.xdata
Size: 1024B - Virtual size: 556B

.bss
Size: - Virtual size: 369KB

.edata
Size: 512B - Virtual size: 211B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 20KB - Virtual size: 20KB