Metrix's KS_Diagnostics_Process[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Metrix's KS_Diagnostics_Process.zip
Size

7KB
MD5

14e7e30275339705edd594b17b67f78b
SHA1

72c022395c7b181686367df1a289fbef5f9a4172
SHA256

eb644444aa19bf8b4397d40db775f6bc8d948277308506410fb028c2f23729fa
SHA512

272f2f766b8b24ddf529e42fe2a4b853ed050c77ae91e5e3ecb3860bee01c6c8d8e67601a73af4ad74e3f11d0c695b4dec252dc5202f657ed73fa5659819bb5a
SSDEEP

192:dJV8PxkTofCUsgLHvjy9fI60rOwr3rIh80:Qx/xBzby5I6Ix7g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Metrix's KS_Diagnostics_Process/KS_Diagnostics_Process.dll

Files

Metrix's KS_Diagnostics_Process.zip
.zip
Metrix's KS_Diagnostics_Process/KS_Diagnostics_Process.dll
.dll windows x64

9426f7543ab913c73c1f8c003f49e53a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeConsole
Beep
FreeLibrary
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext

vcruntime140

memcpy
__std_type_info_destroy_list
__C_specific_handler
memset

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

Exports

Exports

AddExceptionReceived
AddExited
AddOutputDataReceived
BeginOutputReadLine
CancelOutputRead
CreateProcess
CreateProcessStartInfo
DisposeProcess
DisposeProcessStartInfo
DotNetRuntimeDebugHeader
Free
FreeGCHandle
GetArguments
GetCreateNoWindow
GetEnableRaisingEvents
GetFileName
GetProcessExitCode
GetProcessExitTime
GetProcessId
GetProcessName
GetProcessStartTime
GetProcesses
GetProcessesByName
GetProcessesByNameString
GetProcessesString
GetRedirectStandardOutput
GetUseShellExecute
GetWorkingDirectory
Kill
KillBool
RemoveExceptionReceived
RemoveExited
RemoveOutputDataReceived
SetArguments
SetCreateNoWindow
SetEnableRaisingEvents
SetFileName
SetRedirectStandardOutput
SetStartInfo
SetUseShellExecute
SetWorkingDirectory
Start
WaitForExit
WaitForExitMilliseconds

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Metrix's KS_Diagnostics_Process/install.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

9426f7543ab913c73c1f8c003f49e53a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 972B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 44B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 972B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 44B