Static task: static1
Behavioral task: behavioral1
  Sample: 图片2.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 图片2.exe
  Resource: win10v2004-20230220-en
General
Target: Kryptik.zip
Size: 110KB
MD5: c7e20bbee641bf1bf9c6b1bbaabb84e0
SHA1: e8579334d9ded034e669ab1c9a0400314e5fbf4c
SHA256: ad67364509c16dd3de0b146dd4b28c537089adb3d256b165dbc19cf3bb6eecf7
SHA512: 8d4d78e8baa37221f1f4755e3a559b40ff05072e09122c66eeb135711717079997b9c04872a1553a451cac1144befa98dcab6870818ad5e9922db51d3dc3d59c
SSDEEP: 3072:4z4M4NXQ+pX6RSrpujTMoFe51reJdyE9stBaDqfgVrOqZkne:4z4hd1j9ujQ91rWyE9/u4VOqZKe
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource unpack001/图片2.exe
Files
Kryptik.zip.zip
图片2.exe.exe  windows x86  48078db10fc504f4d57ba087057fcf3d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc100
msvcr100
_cexit
__getmainargs
_amsg_exit
free
malloc
__CxxFrameHandler3
_CxxThrowException
memset
_setmbcp
_onexit
_lock
__dllonexit
_unlock
exit
memcpy
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_purecall
kernel32
lstrlenA
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
LocalFree
CloseHandle
CreateMutexA
ReleaseMutex
ResetEvent
WaitForSingleObject
VirtualAlloc
LoadLibraryA
GetLastError
DeactivateActCtx
SetLastError
InterlockedDecrement
ActivateActCtx
lstrcpyA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
CreateThread
Sleep
InterlockedIncrement
user32
LoadBitmapW
EnableWindow
ClientToScreen
GetParent
SetRectEmpty
LoadMenuW
GetSubMenu
SendMessageA
RedrawWindow
GetSystemMetrics
LoadImageA
wsprintfA
GetFocus
IsChild
UpdateWindow
GetSysColor
InflateRect
GetWindowRect
InvalidateRect
GetClientRect
ScreenToClient
gdi32
CreateFontIndirectA
DeleteObject
GetStockObject
GetObjectA
comctl32
InitCommonControlsEx
oleaut32
SysAllocString
VariantClear
ws2_32
WSACleanup
socket
gethostbyname
htons
connect
recv
closesocket
send
Sections
.text   Size: 37KB  - Virtual size: 37KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata  Size: 30KB  - Virtual size: 29KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 3KB   - Virtual size: 3KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 141KB - Virtual size: 140KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 13KB  - Virtual size: 12KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ