INV_Scan_32[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

INV_Scan_32.zip
Size

518KB
MD5

3e9c64bb43373f42d7578678b76fb2f9
SHA1

c1f259f72a84c79fbd04a86f119925a176602a2c
SHA256

5f69e700adcba2984bc3708a55cd75f19b0d79d251e4f0e2c0d1164444160a11
SHA512

2e6ace92eb4d16dbe9e02b9c5ae338f8e8fc061acb55d212297f832b12c31e45214e256ad91db80354e7a5582f6228798cb1f4734d3ec83b801aa9a887e70d53
SSDEEP

12288:vyKu+sNDbIeAbJ3WslEOWMnlhx6acczLN3GGQhlHRK:qKspjAYCzWuh0aJ3glHRK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack002/OBSESSOR/WOOZIEST.DAT

resource
unpack002/OBSESSOR/WOOZIEST.DAT

Files

INV_Scan_32.zip
.zip

Password: 84925
INV_Scan_32.IMG
.iso

Password: 84925
OBSESSOR/SUNLANDS.CMD
OBSESSOR/WOOZIEST.DAT
.dll windows x64

Password: 84925

461b78f28d3ea5be2e2ffd3133d46dd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

glp_addColumns
glp_addRows
glp_algorithm
glp_checkSolution
glp_chgColumnLower
glp_chgColumnUpper
glp_chgObjCoefficients
glp_chgRowLower
glp_chgRowUpper
glp_clearCallBack
glp_columnLower
glp_columnName
glp_columnUpper
glp_copyInIntegerInformation
glp_copyNames
glp_copyinStatus
glp_crash
glp_deleteColumns
glp_deleteIntegerInformation
glp_deleteModel
glp_deleteRows
glp_dropNames
glp_dual
glp_dualBound
glp_dualColumnSolution
glp_dualFeasible
glp_dualObjectiveLimit
glp_dualRowSolution
glp_dualTolerance
glp_dumpMatrix
glp_getColLower
glp_getColSolution
glp_getColUpper
glp_getColumnStatus
glp_getElements
glp_getIndices
glp_getIterationCount
glp_getMatrixElement
glp_getNumCols
glp_getNumElements
glp_getNumRows
glp_getObjCoefficients
glp_getObjSense
glp_getObjValue
glp_getReducedCost
glp_getRowActivity
glp_getRowLower
glp_getRowPrice
glp_getRowStatus
glp_getRowUpper
glp_getSmallElementValue
glp_getUserPointer
glp_getVectorLengths
glp_getVectorStarts
glp_hitMaximumIterations
glp_infeasibilityCost
glp_infeasibilityRay
glp_initialDualSolve
glp_initialPrimalSolve
glp_initialSolve
glp_integerInformation
glp_isAbandoned
glp_isDualObjectiveLimitReached
glp_isIterationLimitReached
glp_isPrimalObjectiveLimitReached
glp_isProvenDualInfeasible
glp_isProvenOptimal
glp_isProvenPrimalInfeasible
glp_lengthNames
glp_loadProblem
glp_logLevel
glp_maximumSeconds
glp_newModel
glp_numberColumns
glp_numberDualInfeasibilities
glp_numberIterations
glp_numberPrimalInfeasibilities
glp_numberRows
glp_objective
glp_objectiveOffset
glp_objectiveValue
glp_optimizationDirection
glp_perturbation
glp_primal
glp_primalColumnSolution
glp_primalFeasible
glp_primalRowSolution
glp_primalTolerance
glp_printModel
glp_problemName
glp_readMps
glp_registerCallBack
glp_registerCallBack2
glp_resize
glp_restoreModel
glp_rowLower
glp_rowName
glp_rowUpper
glp_saveModel
glp_scaling
glp_scalingFlag
glp_secondaryStatus
glp_setAlgorithm
glp_setColSolution
glp_setColumnStatus
glp_setDualBound
glp_setDualObjectiveLimit
glp_setDualTolerance
glp_setInfeasibilityCost
glp_setLogLevel
glp_setMaximumIterations
glp_setMaximumSeconds
glp_setNumberIterations
glp_setObjectiveOffset
glp_setOptimizationDirection
glp_setPerturbation
glp_setPrimalTolerance
glp_setProblemName
glp_setProblemStatus
glp_setRowStatus
glp_setSecondaryStatus
glp_setSmallElementValue
glp_setUserPointer
glp_status
glp_statusArray
glp_statusExists
glp_sumDualInfeasibilities
glp_sumPrimalInfeasibilities
glp_unboundedRay
glp_writeMps
init

Sections

.text
Size: 905KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VANDALIC.LNK
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: 84925

Password: 84925

Password: 84925

461b78f28d3ea5be2e2ffd3133d46dd3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 905KB - Virtual size: 904KB

.rdata Size: 106KB - Virtual size: 106KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 26KB - Virtual size: 25KB

.gfids Size: 512B - Virtual size: 44B

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 905KB - Virtual size: 904KB

.rdata
Size: 106KB - Virtual size: 106KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 26KB - Virtual size: 25KB

.gfids
Size: 512B - Virtual size: 44B

.reloc
Size: 16KB - Virtual size: 13KB