CRI File System[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

CRI File System.rar
Size

940KB
MD5

de762ee48ba6a3b27f3d326642852127
SHA1

530794534203122714f8ffe1f38a119250d2324b
SHA256

c8b18d045be531421215e00f3dc5798e807587135d9ab5472c030a9b4f5eaad6
SHA512

99e46265b610cd95acf9005cc0c7b6adf6a5c5e0869bbb1c6757139a8af798fc0bad83fb4337ffefa6d7a720aa5f487eb09c36541cb246dc8575fb424487df53
SSDEEP

24576:rI9dXULMvpaW5qugHZZ1L8hMcO+rMkBwbfEv+JVUSK:CWMvprJssMkMkOTO

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CRI File System/CpkMaker.DLL
unpack001/CRI File System/CriPackedFileMaker.exe
unpack001/CRI File System/cpkmakec.exe

Files

CRI File System.rar
.rar
CRI File System/CRI_File_System_Tools_Manual_e.chm
.chm
CRI File System/CpkMaker.DLL
.dll windows x86

e402938405ec7aab17519e1ff84fcdb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
??2@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxQueryExceptionSize
__CxxUnregisterExceptionObject
malloc
_ftelli64
_fseeki64
fopen_s
fclose
fwrite
fflush
fread
strcpy_s
strcat_s
sprintf
fopen
fprintf
_cexit
__FrameUnwindFilter
_purecall
memcpy
memset
exit
printf
??0exception@std@@QAE@ABQBD@Z
memcpy_s
memmove_s
??_U@YAPAXI@Z
_invalid_parameter_noinfo
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@XZ
vsprintf
qsort
_malloc_crt
_encode_pointer
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ

kernel32

SetUnhandledExceptionFilter
Sleep
InterlockedExchange
OutputDebugStringA
DisableThreadLibraryCalls
GlobalMemoryStatusEx
VirtualQuery
OutputDebugStringW
VirtualFree
VirtualAlloc
IsDebuggerPresent
InterlockedCompareExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

msvcm80

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

msvcp80

?_Xlen@_String_base@std@@SAXXZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
?_Xran@_String_base@std@@SAXXZ

user32

wvsprintfA

mscoree

_CorDllMain

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRI File System/CriPackedFileMaker.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRI File System/CriPackedFileMaker.settings
CRI File System/CriPackedFileMakerExcludedFiles.txt
CRI File System/MakeCpk_e.xls
.xls windows office2003
CRI File System/cpkmakec.exe
.exe windows x86

7dc9902cfff3b0259a6c56ccd6f6f422

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_crt_debugger_hook
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
_except_handler4_common
__CxxUnregisterExceptionObject
getchar
exit
_cexit
_amsg_exit
__set_app_type
_XcptFilter
__wgetmainargs
_configthreadlocale
__p__commode
__p__fmode
__FrameUnwindFilter
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__CxxQueryExceptionSize
_encode_pointer

kernel32

Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

msvcm80

?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
__setusermatherr_m
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRI File System/cpkmaker.out.csv
CRI File System/data/folder1/data1.bmp
CRI File System/data/folder1/data2.bmp
CRI File System/data/folder2/data3.bmp
CRI File System/data/folder2/data4.bmp
CRI File System/data/folder2/voice1.ahx
CRI File System/docs/eng/history_crifstools_e.txt
CRI File System/docs/eng/release_crifstools_e.txt

Sharing

General

Malware Config

Signatures

Files

e402938405ec7aab17519e1ff84fcdb8

Headers

File Characteristics

Imports

msvcr80

kernel32

msvcm80

msvcp80

user32

mscoree

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 8KB - Virtual size: 2.1MB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 8KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 80KB - Virtual size: 76KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 4KB - Virtual size: 12B

7dc9902cfff3b0259a6c56ccd6f6f422

Headers

File Characteristics

Imports

msvcr80

kernel32

msvcm80

mscoree

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 524B

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 8KB - Virtual size: 2.1MB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 80KB - Virtual size: 76KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 524B