Malware[.]zip | Triage

Resubmissions

04/02/2023, 13:06

230204-qb7j6sdc96 1

02/02/2023, 23:17

230202-29q6macb2t 1

Sharing

Copy URL Twitter E-mail

General

Target

Malware.zip
Size

164KB
MD5

c302f7dcd1b5ab7b8248c3be1f60bd31
SHA1

dfd528fdb964c284d8bf7c4dcb49f2570488b207
SHA256

d90b2a3215de3f3870d27a0948614304f70e7f2c925d3e5d5d6fb2ab06204ecf
SHA512

392570ec27cd30c3759fa7729acb1d284c30c9fa29d9570d5aee3dac307833c8deeafd74f0536575ab5f74f3986e13ac09f20a3c8682d97ba3371a2aa64f7a8a
SSDEEP

3072:4Ybp0SXr2SNc63of3m6zos5iPqUsZJX3cMfqVi26zo1vpk/ws:Xb2SNc63ofW6YEZsMfoi26zqRW

Score

1^/10

Malware Config

Signatures

Files

Malware.zip
.zip
RunDLL-1.bat
Still.dll
.dll windows x64

6d03b2a3194556eeee0d61fbe9d0aa6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry

gdi32

Polyline
SetBkColor
CreateFontIndirectW
GetStockObject

kernel32

IsProcessorFeaturePresent
SetLastError
GetFullPathNameW
GetLastError
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
SetFilePointerEx
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetModuleHandleA
GetProcAddress
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
GetConsoleMode
WaitForSingleObject
WriteConsoleW
GetCurrentDirectoryW
AcquireSRWLockExclusive
GetCurrentProcess
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetCurrentThread
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
ExitProcess
AcquireSRWLockShared
ReleaseSRWLockShared
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedFlushSList
EncodePointer
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
TerminateProcess
GetModuleHandleExW
GetModuleFileNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetFileType
GetStringTypeW
HeapSize

Exports

Exports

EscapeCall
Main

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

6d03b2a3194556eeee0d61fbe9d0aa6f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

gdi32

kernel32

Exports

Exports

Sections

.text Size: 231KB - Virtual size: 231KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 231KB - Virtual size: 231KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 3KB - Virtual size: 3KB