cc920f2ff573ee0f56e7f3fd5139d86242cfed6c55f73ff78f317f85cb1414d6[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

cc920f2ff573ee0f56e7f3fd5139d86242cfed6c55f73ff78f317f85cb1414d6.zip
Size

600KB
MD5

83cdbc1439066c3c09576dab0931035e
SHA1

7fe2c140eed636815a990c5998396d51906ce993
SHA256

e3629905f381fc7ecb4838ad64f2d8744c3ef090816a610ae1ff0f78eecff957
SHA512

8332cf06c13d75e2dce63456beca7e9d8dd2ec4bbf6ec55722dc9dba1767d1bc80d7fdf71ae87fc57e8da39be7592f566b7cd7281117c5bf59bd8f99ae3799bb
SSDEEP

12288:d/TT97zJFMdZLCKP7f9Ii5pd1Idgh0dM1p4tbmMHMGgYcjGaZHujOYjrVNkx:d/TTV4dJDPy6mWSdMsA6MGgrqabYVax

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/C/ProgramData/Sentinel/AFUCache/cc920f2ff573ee0f56e7f3fd5139d86242cfed6c55f73ff78f317f85cb1414d6

Files

cc920f2ff573ee0f56e7f3fd5139d86242cfed6c55f73ff78f317f85cb1414d6.zip
.zip

Password: S1BinaryVault
C/ProgramData/Sentinel/AFUCache/cc920f2ff573ee0f56e7f3fd5139d86242cfed6c55f73ff78f317f85cb1414d6
.exe windows x64

Password: S1BinaryVault

61cca3249f90700efbc9dfbf27c24c48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__setusermatherr
__wgetmainargs
_cexit
_onexit
exit
__dllonexit
_amsg_exit
_wcmdln
_XcptFilter
_unlock
_lock
??1type_info@@UEAA@XZ
__set_app_type
_exit
??0exception@@QEAA@AEBQEBD@Z
__C_specific_handler
?terminate@@YAXXZ
_commode
_initterm
isdigit
__CxxFrameHandler3
_CxxThrowException
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
memmove
??0exception@@QEAA@XZ
memmove_s
memcpy_s
_wcsicmp
?what@exception@@UEBAPEBDXZ
realloc
wcscat_s
malloc
free
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_fmode
memcmp
memcpy
memset

api-ms-win-core-synch-l1-2-0

WaitForSingleObject
SetEvent
EnterCriticalSection
Sleep
LeaveCriticalSection
CreateEventW
InitializeCriticalSection
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleW
LoadLibraryExW
GetProcAddress
SizeofResource
GetModuleFileNameW
FindResourceExW
FreeLibrary

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW
RegNotifyChangeKeyValue

api-ms-win-core-memory-l1-1-2

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-2-1

GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-heap-l1-2-0

HeapFree
HeapDestroy
HeapAlloc
GetProcessHeap
HeapSetInformation

api-ms-win-core-processthreads-l1-1-2

GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpiW

cryptbase

SystemFunction036

mswsock

AcceptEx
GetAcceptExSockaddrs

api-ms-win-core-file-l1-2-1

ReadFile
WriteFile

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

api-ms-win-core-kernel32-legacy-l1-1-1

BindIoCompletionCallback

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: S1BinaryVault

Password: S1BinaryVault

61cca3249f90700efbc9dfbf27c24c48

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

cryptbase

mswsock

api-ms-win-core-file-l1-2-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-1

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.didat Size: 512B - Virtual size: 280B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.didat
Size: 512B - Virtual size: 280B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 568KB - Virtual size: 572KB