core[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

core.zip
Size

622KB
MD5

7b1bc9e75b1012258f42dccb37e5c6a7
SHA1

399b5e8f3e5aebc15804452f21c87e347c75a8e7
SHA256

00693ff4eaf39be69507721cffcaee78160c7b95a0683e19eb04210d5e4ec778
SHA512

37dace7e19c1ecc50cc84ba2385a854dd51ed3f3d2dae376d8bbed913c1caea893bfc913cd26a769021f349b74123e4544a4bbf2076d1cbb32cfe45f6dbc3f00
SSDEEP

12288:J3uDB0igC+/NHBy1S+Paxmh95JleEB/70XHzobKwwrBYUza0Z:4DBtZKBcSB+3JleM/7OHzuwrBYaP

Score

N/A

Malware Config

Signatures

Files

core.zip
.zip

Password: infected
cmd.bat
license.dat
sun-.dat
.dll windows x64

Password: infected

ef65ccf1cd38902572a6502b6961bef7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

WaitForMultipleObjects
GetExitCodeThread
LocalAlloc
FileTimeToSystemTime
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
GetTempPathW
ResetEvent
GetTickCount
FreeLibrary
LoadLibraryW
IsBadReadPtr
GetStdHandle
SetEnvironmentVariableW
CloseHandle
GetLastError
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
SetStdHandle
GetStringTypeW
Sleep
GetProcessHeap
LCMapStringW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
SetEvent
MultiByteToWideChar
lstrlenA
lstrcpynA
lstrcmpW
Thread32Next
Thread32First
CreateToolhelp32Snapshot
WriteConsoleInputW
ReadConsoleInputW
WideCharToMultiByte
lstrlenW
lstrcpyW
lstrcpynW
lstrcmpiW
LocalFree
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
UnmapViewOfFile
SetFilePointerEx
OpenFileMappingW
CreateFileMappingW
VirtualQuery
VirtualProtect
GetCurrentThreadId
MapViewOfFile
InitializeCriticalSectionAndSpinCount
EncodePointer
GetCurrentProcessId
WaitForSingleObject
InterlockedFlushSList
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
DebugBreak
GetEnvironmentVariableW
ReadFile
WriteFile
IsDebuggerPresent
SetLastError
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
Process32FirstW
Process32NextW
OpenThread
RaiseException
CreateThread
TerminateThread
ResumeThread
VerSetConditionMask
GetFileInformationByHandle
VerifyVersionInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader

user32

GetIconInfo
DrawIconEx
DestroyIcon
LoadIconW
ReleaseDC
GetDC
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
FillRect
InvalidateRect
EndPaint
BeginPaint
DrawTextW
ShowWindowAsync
DestroyWindow
IsWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostThreadMessageW
PostMessageW
DispatchMessageW
GetMessageW
RegisterWindowMessageW
wsprintfW
GetWindowThreadProcessId
GetClassNameW
IntersectRect
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
MessageBoxW
GetClientRect
ShowWindow
MapVirtualKeyW
GetKeyState
IsWindowVisible

gdi32

GdiFlush
GetObjectW
CreateDIBSection
GdiAlphaBlend
SetStretchBltMode
StretchBlt
MoveToEx
SetTextColor
SetBkColor
SelectObject
Rectangle
LineTo
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetFileInfoW

ole32

CoUninitialize
CoInitializeEx

Exports

Exports

hxitFAR
hxitFARW
hetGlobalInfoW
hetMinFarVersion
hetMinFarVersionW
hetPluginInfo
hetPluginInfoW
hpenPlugin
hpenPluginW
hpenW
hrocessSynchroEventW
hetStartupInfo
init

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

ef65ccf1cd38902572a6502b6961bef7

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 176KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 176KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB