backscraper[.]img[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

backscraper.img.zip
Size

527KB
MD5

403abf9198972d61e96a887fb027a431
SHA1

521a10c2cf8b54343d6505c2fdf3f2dde7db9002
SHA256

466cf0832a24b9a900aa36431f7fd69647c172c1c8054e233c473e83e50aa18f
SHA512

577399b386e34cb26b8a9925fd373d898ddbefdfababcd099d3d7d55a04bd1b5e474633db55cb54a75c16b831fa293bb6662ba4c76d4c4bf01687e29b5b75fe8
SSDEEP

12288:8jNm7xY41hx1BDcAv7NFANjbsDk+iXNEa5di5AOq1vr1p:8sxY4PxTDcADN6Px7NVdaAOq1vr3

Score

1^/10

Malware Config

Signatures

Files

backscraper.img.zip
.zip

Password: infected
backscraper.img
.iso
GlyceriaHaberdine/BlindfoldsBulkage/AllegiantMethine.BW
GlyceriaHaberdine/BlindfoldsBulkage/caravaningNondistillable/footrailUloborid.kDDu
GlyceriaHaberdine/possessinglyBingee.jpeg
.jpg
MainprizerMisapprehendSeastrand.lnk
.lnk
StanesBeseeches/Inquisitorially.cmd
.cmd .vbs
StanesBeseeches/NonpurulenceFatiguing/Semimathematically/salmwoodPollutant.sdBL
StanesBeseeches/NonpurulenceFatiguing/finishing.info
StanesBeseeches/Pseudoconhydrine.jpeg
.jpg
chuhraFondled/Quaintly.info
chuhraFondled/TrisyllabismDestructiveness.leVy
chuhraFondled/longeveEctocondyle/PoliticizationCanoeist.Ifs
chuhraFondled/longeveEctocondyle/UndersortPodalgia.wsf
chuhraFondled/longeveEctocondyle/anestheticsRagouts.readme
chuhraFondled/longeveEctocondyle/glycuresisPortionable.exe
.exe windows x64

272245e2988e1e430500b852c4fb5e18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_setmode
exit
iswxdigit
time
srand
_wtol
fflush
wcsstr
iswalpha
wcstoul
_errno
printf
rand
fprintf
wcsncmp
_pipe
_commode
_lock
wcsrchr
realloc
towlower
_initterm
__setusermatherr
setlocale
_wcsupr
iswdigit
_ultoa
_cexit
_unlock
_exit
__dllonexit
_wcsicmp
iswspace
wcschr
fgets
??_V@YAXPEAX@Z
_pclose
ferror
_onexit
__CxxFrameHandler3
_open_osfhandle
_close
feof
_dup
_wpopen
_wcsnicmp
?terminate@@YAXXZ
memset
wcstol
_get_osfhandle
_dup2
_getch
towupper
memcmp
_setjmp
wcsspn
_fmode
qsort
__set_app_type
_tell
_wcslwr
longjmp
_local_unwind
_purecall
__C_specific_handler
??3@YAXPEAX@Z
memcpy_s
free
calloc
__getmainargs
_XcptFilter
_amsg_exit
??1type_info@@UEAA@XZ
memmove
memcpy
_CxxThrowException
_vsnwprintf
swscanf
__iob_func
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
RtlFreeHeap
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlVirtualUnwind
RtlFreeUnicodeString
RtlReleaseRelativeName
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationFile
NtQueryVolumeInformationFile
NtSetInformationProcess
NtQueryInformationProcess
RtlNtStatusToDosError
NtCancelSynchronousIoFile
RtlCreateUnicodeStringFromAsciiz
RtlFindLeastSignificantBit

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
GetConsoleWindow

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
InitializeCriticalSection
WaitForSingleObject
ReleaseSemaphore
TryAcquireSRWLockExclusive
WaitForSingleObjectEx
ReleaseMutex
ReleaseSRWLockShared
AcquireSRWLockShared
LeaveCriticalSection
CreateMutexExW
EnterCriticalSection
ReleaseSRWLockExclusive
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapSetInformation
HeapReAlloc
HeapSize

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
GetLastError
SetErrorMode
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

InitializeProcThreadAttributeList
GetCurrentThreadId
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetStartupInfoW
CreateProcessAsUserW
OpenThread
CreateProcessW
ResumeThread
TerminateProcess
GetExitCodeProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW
GetLocaleInfoW
GetCPInfo
GetACP
GetUserDefaultLCID

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualFree
ReadProcessMemory

api-ms-win-core-console-l1-1-0

ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP

api-ms-win-core-file-l1-1-0

CreateFileW
FlushFileBuffers
GetFileAttributesExW
GetDriveTypeW
FindClose
FindNextFileW
CreateDirectoryW
GetVolumeInformationW
SetFileAttributesW
SetEndOfFile
SetFilePointerEx
WriteFile
DeleteFileW
SetFileTime
GetVolumePathNameW
SetFilePointer
ReadFile
GetFileAttributesW
GetFileType
RemoveDirectoryW
FindFirstFileExW
CompareFileTime
GetFullPathNameW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
GetFileSize
FindFirstFileW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
GetEnvironmentStringsW
ExpandEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SearchPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentStringsW
GetStdHandle

api-ms-win-core-console-l2-1-0

SetConsoleCursorPosition
GetConsoleScreenBufferInfo
ScrollConsoleScreenBufferW
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FlushConsoleInputBuffer
SetConsoleTextAttribute

api-ms-win-security-base-l1-1-0

GetFileSecurityW
RevertToSelf
GetSecurityDescriptorOwner

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
SetLocalTime
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryW
GetLocalTime
GetVersion

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-systemtopology-l1-1-0

GetNumaNodeProcessorMaskEx
GetNumaHighestNodeNumber

api-ms-win-core-console-l2-2-0

SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegQueryValueExW

api-ms-win-core-file-l2-1-0

MoveFileExW
CreateSymbolicLinkW
CreateHardLinkW
MoveFileWithProgressW
GetFileInformationByHandleEx

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-processtopology-obsolete-l1-1-0

SetProcessAffinityMask

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
chuhraFondled/longeveEctocondyle/underrenting.jpg
.jpg
chuhraFondled/semiconductingHallucinating.XQzZ
chuhraFondled/uncheerfulnessDauphine.info

Sharing

General

Malware Config

Signatures

Files

Password: infected

272245e2988e1e430500b852c4fb5e18

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processtopology-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 196KB - Virtual size: 195KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 512B - Virtual size: 111KB

.pdata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 144B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 1024B - Virtual size: 780B

.text
Size: 196KB - Virtual size: 195KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 512B - Virtual size: 111KB

.pdata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 1024B - Virtual size: 780B