10549977060[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

10549977060.zip
Size

5.2MB
MD5

fc2df9edf39b1e502ac814b2ed18969d
SHA1

c645fa02b10da5148f2cd4dd0b6cf7d2bf89e723
SHA256

d04ee2891f8f0ae40fb1a0c9dfe9c25654b726f0b4872156eba23ff6814bf90d
SHA512

81120ff4c78bc50da9a4b5c30a113db77532b4864fcc26d1369ab8e1448cd52348c379b851de830d99bd982a3a4700b60e140a619943f925d650d779a5fe95e6
SSDEEP

98304:wmNjZvZrYDHniPdSBo4q2jLFf+X/oXcCFAIu4oz8t5oqDGjT:lNthrYLvtjxfY/y9yIu4AG5dDU

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/1.0.0.0/7z.dll
unpack002/1.0.0.0/7z.exe
unpack002/1.0.0.0/zcurl.exe
unpack002/1.0.0.0/zmss.exe
unpack002/1.0.0.0/zupgrade.exe
unpack002/7z.dll
unpack002/7z.exe
unpack002/zlauncher.exe

Files

10549977060.zip
.zip

Password: infected
2e588ac15355ad78ae605ff9b29070c74170d1ac254717b614d622619cdc6878
.zip
1.0.0.0/7z.dll
.dll windows x86

71fc45db7a81ce236f432a828a4e8fcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen

user32

CharLowerW
CharUpperA
CharNextA
CharPrevExA
CharUpperW
CharLowerA

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
realloc
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.0.0.0/7z.exe
.exe windows x86

709c92fb1b0d51e4048409976b042040

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

user32

CharUpperW
CharPrevA
CharUpperA
CharNextA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsncmp
wcslen
memcpy
fputc
fflush
fgetc
fclose
_iob
free
malloc
memmove
memcmp
fprintf
strlen
fputs
_purecall
__CxxFrameHandler
_CxxThrowException
_isatty
_fileno

kernel32

VirtualAlloc
GetTickCount
VirtualFree
WaitForSingleObject
SetEvent
InitializeCriticalSection
MapViewOfFile
GetProcessTimes
UnmapViewOfFile
OpenEventA
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetCurrentProcess
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
CreateFileA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
SearchPathW
SearchPathA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
SetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryExA
LoadLibraryA
AreFileApisANSI
SetCurrentDirectoryA
GetModuleFileNameA
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
OpenFileMappingA

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1.0.0.0/Logs/zmss.log
1.0.0.0/Logs/zupgrade.log
1.0.0.0/config.ini
1.0.0.0/flag.txt
1.0.0.0/update/launch2.zip
.zip
1.0.0.0/zcurl.exe
.exe windows x86

4011eceb4a5161b27a23955b90e037c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord143

kernel32

GetFullPathNameW
GetCurrentDirectoryW
GetFileAttributesExW
FlushFileBuffers
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateFileW
GetModuleFileNameA
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
TerminateProcess
FindNextFileA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FindClose
WaitForSingleObject
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
GetLastError
CloseHandle
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
Sleep
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
LoadLibraryA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FlushConsoleInputBuffer
GetModuleFileNameW
LoadLibraryExW
RaiseException
RtlUnwind
InitializeSListHead
SetStdHandle
SetEndOfFile
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
FindFirstFileExA
WriteConsoleW
HeapSize
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

advapi32

SystemFunction036
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.0.0.0/zmss.exe
.exe windows x86

5e2374ae60e5bd7a1aa34c8f79f28e3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
WSACleanup
WSAGetLastError
__WSAFDIsSet
getservbyname
gethostbyname
htonl
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAStartup
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select

wldap32

ord46
ord143
ord60
ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50

shlwapi

PathRemoveFileSpecA

shell32

CommandLineToArgvW

kernel32

GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FindNextFileW
FindFirstFileExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
CreateFileW
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CreateMutexA
GetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
SetCurrentDirectoryA
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
TerminateProcess
FindNextFileA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FindClose
WaitForSingleObject
GetFileAttributesW
GetModuleHandleA
GetCommandLineA
MultiByteToWideChar
EnumSystemLocalesW
GetFileAttributesA
DeleteFileA
CloseHandle
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
CreateProcessA
CreateDirectoryA
ReadFile
SetHandleInformation
CreatePipe
PeekNamedPipe
SetEvent
GetExitCodeProcess
Sleep
GetCurrentProcessId
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
VerSetConditionMask
LoadLibraryA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
GetModuleFileNameW
LoadLibraryExW
RaiseException
RtlUnwind
GetFileAttributesExW
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
SetEndOfFile
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
FindFirstFileExA
WriteConsoleW
HeapSize
GetTempPathA
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
EncodePointer
DecodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation

advapi32

SystemFunction036
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegEnumKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW

netapi32

Netbios

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.0.0.0/zupgrade.exe
.exe windows x86

37e827874d5121bddb515409bb8464ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
setsockopt
gethostname
shutdown
htonl
gethostbyname
getservbyname
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
WSAStartup
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
ioctlsocket

wldap32

ord27
ord211
ord60
ord50
ord41
ord22
ord26
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143
ord46

shlwapi

PathFileExistsA
PathRemoveFileSpecA
StrToIntA

shell32

SHCreateDirectoryExA
CommandLineToArgvW
SHFileOperationA

kernel32

FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleCP
ReadConsoleW
GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
SetEnvironmentVariableA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
EncodePointer
DecodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
Process32First
FindFirstFileA
GetCurrentProcess
TerminateProcess
FindNextFileA
FindClose
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
SetEvent
DeleteFileA
Process32Next
CloseHandle
CreateThread
lstrcmpiA
CreateProcessA
GetDiskFreeSpaceExA
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenA
CopyFileA
WritePrivateProfileStringA
GetCurrentProcessId
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateMutexA
WaitForSingleObject
GetCurrentDirectoryA
SetCurrentDirectoryA
MultiByteToWideChar
GetFileAttributesA
DeleteCriticalSection
lstrcpynA
WideCharToMultiByte
CreateDirectoryA
GetCurrentThreadId
CreateFileA
LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
CreateEventW
SizeofResource
SetErrorMode
FindResourceA
FreeResource
GetVersionExA
GlobalAlloc
ResetEvent
LoadResource
GlobalLock
GlobalUnlock
TerminateThread
ExitProcess
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
ExpandEnvironmentStringsA
VerSetConditionMask
GetModuleHandleA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
FindFirstFileExA
WriteConsoleW
HeapSize
RemoveDirectoryA

user32

MoveWindow
SetLayeredWindowAttributes
TranslateMessage
PostQuitMessage
UpdateWindow
LoadCursorA
DestroyWindow
TranslateAcceleratorA
GetSystemMetrics
LoadStringA
ShowWindow
SetWindowLongA
DispatchMessageA
CreateWindowExA
SystemParametersInfoA
RegisterClassExA
GetDlgCtrlID
TrackMouseEvent
DefWindowProcA
SetCapture
GetClientRect
GetParent
ReleaseCapture
InvalidateRect
BeginPaint
EndPaint
SendMessageA
wsprintfA
MessageBoxA
GetMessageA
GetProcessWindowStation
GetUserObjectInformationW
GetWindowLongA

advapi32

SystemFunction036
ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey

ole32

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA
EnumProcessModules

gdiplus

GdipCreateFont
GdiplusStartup
GdipSetStringFormatAlign
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipDeletePen
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteGraphics
GdipFillRectangleI
GdipGetImageGraphicsContext
GdipCloneBrush
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDrawString
GdipFree
GdipCreateSolidFill
GdiplusShutdown
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipDisposeImage
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipCreateFontFamilyFromName
GdipDrawRectangleI
GdipDeleteFontFamily
GdipCreateStringFormat
GdipLoadImageFromStream

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z.dll
.dll windows x86

71fc45db7a81ce236f432a828a4e8fcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen

user32

CharLowerW
CharUpperA
CharNextA
CharPrevExA
CharUpperW
CharLowerA

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
realloc
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7z.exe
.exe windows x86

709c92fb1b0d51e4048409976b042040

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysStringByteLen
SysFreeString

user32

CharUpperW
CharPrevA
CharUpperA
CharNextA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
wcsncmp
wcslen
memcpy
fputc
fflush
fgetc
fclose
_iob
free
malloc
memmove
memcmp
fprintf
strlen
fputs
_purecall
__CxxFrameHandler
_CxxThrowException
_isatty
_fileno

kernel32

VirtualAlloc
GetTickCount
VirtualFree
WaitForSingleObject
SetEvent
InitializeCriticalSection
MapViewOfFile
GetProcessTimes
UnmapViewOfFile
OpenEventA
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
GetModuleHandleA
GlobalMemoryStatus
GetSystemInfo
FileTimeToSystemTime
CompareFileTime
GetProcAddress
GetCurrentProcess
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
CreateFileA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
SearchPathW
SearchPathA
GetCurrentDirectoryW
SetCurrentDirectoryW
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
SetConsoleMode
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryExA
LoadLibraryA
AreFileApisANSI
SetCurrentDirectoryA
GetModuleFileNameA
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
OpenFileMappingA

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Launcher.ini
Logs/zlauncher.log
flag.txt
taskconfig.ini
zlauncher.exe
.exe windows x86

98ee198cdadd381209fa7697a2f9808a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl
gethostbyname
getservbyname
shutdown
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind
send
recv
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup

wldap32

ord33
ord46
ord211
ord60
ord50
ord301
ord200
ord30
ord79
ord35
ord143
ord32
ord27
ord26
ord22
ord41

shlwapi

PathRemoveFileSpecA
StrToIntA

kernel32

GetACP
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
CreateFileW
GetDriveTypeW
GetCurrentDirectoryW
GetModuleFileNameW
GetModuleFileNameA
DeleteFileA
Process32First
FindFirstFileA
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
TerminateProcess
FindNextFileA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FindClose
WaitForSingleObject
GetFileAttributesW
GetModuleHandleA
OpenProcess
SetCurrentDirectoryA
GetCommandLineA
CreateToolhelp32Snapshot
MultiByteToWideChar
GetLastError
GetFileAttributesA
OutputDebugStringW
MoveFileExA
Process32Next
CloseHandle
WritePrivateProfileStringA
GetProcAddress
RemoveDirectoryA
DeleteCriticalSection
CreateProcessW
WideCharToMultiByte
lstrcmpiA
CreateDirectoryA
GetPrivateProfileStringA
ReadConsoleW
Sleep
GetUserDefaultLCID
GetCurrentProcessId
GetExitCodeProcess
ExitThread
TerminateThread
CreateThread
GetThreadContext
SetThreadContext
SetLastError
FormatMessageA
GetTickCount
InitializeCriticalSection
SleepEx
FreeLibrary
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
VerSetConditionMask
LoadLibraryA
GetSystemDirectoryA
VerifyVersionInfoA
GetSystemTime
SystemTimeToFileTime
WriteFile
GetCurrentThreadId
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
LoadLibraryExW
RtlUnwind
RaiseException
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
GetConsoleCP
SetErrorMode
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetFileAttributesExW
SetStdHandle
SetEndOfFile
GetProcessHeap
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExA
WriteConsoleW
DecodePointer
EncodePointer
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
SetEnvironmentVariableA
HeapSize

user32

GetProcessWindowStation
GetMessageA
DispatchMessageA
GetWindowRect
GetSystemMetrics
GetUserObjectInformationW
SetTimer
MessageBoxA
CreateWindowExA
TranslateMessage
SendMessageA
PostQuitMessage
RegisterClassExA
UpdateWindow
BeginPaint
EndPaint
RegisterClassExW
LoadIconA
DefWindowProcA
ShowWindow

advapi32

SystemFunction036
ReportEventA
RegisterEventSourceA
DeregisterEventSource
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

CommandLineToArgvW

comctl32

ord17

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

71fc45db7a81ce236f432a828a4e8fcd

Headers

File Characteristics

Imports

oleaut32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 654KB - Virtual size: 654KB

.rdata Size: 85KB - Virtual size: 84KB

.data Size: 23KB - Virtual size: 45KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 33KB - Virtual size: 33KB

709c92fb1b0d51e4048409976b042040

Headers

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 784B

4011eceb4a5161b27a23955b90e037c8

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

user32

advapi32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 306KB - Virtual size: 306KB

.data Size: 38KB - Virtual size: 50KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 53KB - Virtual size: 52KB

5e2374ae60e5bd7a1aa34c8f79f28e3e

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

shlwapi

shell32

kernel32

user32

advapi32

netapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 329KB - Virtual size: 329KB

.data Size: 39KB - Virtual size: 51KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 59KB - Virtual size: 59KB

37e827874d5121bddb515409bb8464ce

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

.text
Size: 654KB - Virtual size: 654KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 23KB - Virtual size: 45KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 784B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 306KB - Virtual size: 306KB

.data
Size: 38KB - Virtual size: 50KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 53KB - Virtual size: 52KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 329KB - Virtual size: 329KB

.data
Size: 39KB - Virtual size: 51KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 59KB - Virtual size: 59KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 347KB - Virtual size: 346KB

.data
Size: 40KB - Virtual size: 54KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 65KB - Virtual size: 65KB

.text
Size: 654KB - Virtual size: 654KB

.rdata
Size: 85KB - Virtual size: 84KB

.data
Size: 23KB - Virtual size: 45KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 784B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 334KB - Virtual size: 333KB

.data
Size: 39KB - Virtual size: 55KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 56KB - Virtual size: 56KB