fa21c51f6a23f81e11190b4c21ad7bf9-sample[.]zip

Resubmissions

06/06/2023, 20:43

230606-zhs5ssgb7t 8

06/06/2023, 20:39

230606-zfk2eagb6t 8

Sharing

Copy URL Twitter E-mail

General

Target

fa21c51f6a23f81e11190b4c21ad7bf9-sample.zip
Size

13.0MB
MD5

c703f5040ee032aa70a4878d4b7f496e
SHA1

0e5e0d3ac3ba054492e25d14249a5eba4eaa42af
SHA256

0bf54d08c8be0b8cd8e6528b5dccdbd777fc74013df28ee83a1017fdd5d3338c
SHA512

14bcfb46d2941549eba9728bd00ce5233808479b7ea54eaa747fcb96e09ac0804c25bd10780a5dd7ae09054e15c9c986b1c6c5493824a80381842e9eb4e446a2
SSDEEP

196608:aGDS2GCAKoCVtPe3dIE1FK0uBvA2AOxzVSGzWKX4elqJdvzaPDe5:aGO2GCBPetIoBuvD2GzWKXLl+d2q5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SchneiderDriverManagerX64.exe

Files

fa21c51f6a23f81e11190b4c21ad7bf9-sample.zip
.zip

Password: infected
SchneiderDriverManagerX64.exe
.exe windows x86

Password: infected

045675febf13bb0dcda1d13b5291019d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

CompareStringA
FreeLibrary
LoadLibraryW
lstrcmpW
lstrcmpiW
GetSystemDefaultLangID
GetUserDefaultLangID
VerLanguageNameW
CompareFileTime
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
SetFileAttributesW
GetSystemTimeAsFileTime
GetPrivateProfileStringW
MoveFileW
LocalFree
FormatMessageW
GetSystemInfo
MulDiv
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryExW
GetVersion
GetLocalTime
IsValidLocale
GetCommandLineW
GetFileAttributesW
FlushFileBuffers
SetEndOfFile
VirtualQuery
lstrcpyA
IsBadReadPtr
GetDiskFreeSpaceExW
GetDriveTypeW
GetExitCodeProcess
GetCurrentThread
GetLocaleInfoW
InterlockedExchange
LoadLibraryExA
DecodePointer
LCMapStringW
RtlUnwind
IsDebuggerPresent
MoveFileExW
WriteProcessMemory
VirtualProtectEx
GetSystemDirectoryW
CompareStringW
SetThreadContext
GetThreadContext
CreateProcessW
ResumeThread
TerminateProcess
ExitProcess
GetCurrentProcess
Sleep
WaitForSingleObject
DuplicateHandle
RemoveDirectoryW
DeleteFileW
SetCurrentDirectoryW
lstrlenW
lstrcpynA
LocalAlloc
lstrcmpA
SystemTimeToFileTime
ResetEvent
SetEvent
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentDirectoryW
FindResourceExW
GetEnvironmentVariableW
SetFileTime
GetFileTime
OpenProcess
GetProcessTimes
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FatalAppExitA
EnumSystemLocalesW
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
HeapReAlloc
CreateSemaphoreW
GetStartupInfoW
TlsFree
TlsSetValue
IsProcessorFeaturePresent
lstrcatW
GetVersionExW
InterlockedDecrement
InterlockedIncrement
CreateEventW
QueryPerformanceFrequency
GetTempFileNameW
CopyFileW
GetTickCount
GetExitCodeThread
CreateThread
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
lstrcpyW
GetWindowsDirectoryW
SetErrorMode
GetTempPathW
FlushInstructionCache
ExpandEnvironmentStringsW
lstrcpynW
GetModuleFileNameW
GetProcessHeap
HeapFree
HeapAlloc
WriteFile
SetFilePointer
ReadFile
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSize
CreateFileW
SetLastError
GetLastError
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleW
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
HeapSize
AreFileApisANSI
GetModuleHandleExW
GetStdHandle
EncodePointer

user32

CreateWindowExW
SetTimer
KillTimer
LoadCursorW
RegisterClassW
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PostQuitMessage
GetSysColorBrush
CharPrevW
SendDlgItemMessageW
wvsprintfW
LoadImageW
CreateDialogParamW
MoveWindow
SetCursor
GetWindow
GetDlgItemTextW
SetFocus
EnableWindow
SetForegroundWindow
SetActiveWindow
SetDlgItemTextW
IsDialogMessageW
FindWindowW
SubtractRect
IntersectRect
SetRect
FillRect
GetSysColor
GetWindowRect
GetDC
GetSystemMetrics
GetDlgCtrlID
CreateDialogIndirectParamW
DestroyWindow
IsWindow
SendMessageW
MessageBoxW
CharNextW
WaitForInputIdle
SetWindowLongW
GetWindowLongW
GetClientRect
EndPaint
BeginPaint
ReleaseDC
ExitWindowsEx
CharUpperW
GetWindowDC
SetWindowPos
SetWindowTextW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
ShowWindow
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageW
wsprintfW
LoadIconW

gdi32

UnrealizeObject
CreateHalftonePalette
GetDIBColorTable
SelectPalette
RealizePalette
GetSystemPaletteEntries
CreatePalette
CreateFontW
GetObjectW
SetTextColor
SetBkMode
GetDeviceCaps
CreateSolidBrush
CreateFontIndirectW
SetStretchBltMode
StretchBlt
SelectObject
DeleteDC
CreateDIBitmap
CreateCompatibleDC
BitBlt
DeleteObject
GetStockObject
TranslateCharsetInfo

advapi32

CryptCreateHash
CryptSignHashW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOverridePredefKey
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW
CryptAcquireContextW
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptSetHashParam
CryptGetHashParam
CryptExportKey
CryptImportKey
CryptDestroyHash
CryptHashData
CryptVerifySignatureW

shell32

SHGetMalloc
SHGetFolderPathW
SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW

ole32

CoCreateInstance
StringFromGUID2
CoCreateGuid
CreateItemMoniker
GetRunningObjectTable
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
ProgIDFromCLSID
CoTaskMemFree
CoUninitialize
CoInitializeSecurity
CoInitialize

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SetErrorInfo
LoadTypeLi
CreateErrorInfo
SysAllocStringLen
SysFreeString
SysReAllocStringLen
SysStringLen
SysAllocString
SysStringByteLen
SysAllocStringByteLen
VarBstrCat
VarBstrFromDate
VariantClear
VariantChangeType
GetErrorInfo
VarUI4FromStr
SystemTimeToVariantTime

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW
UuidFromStringW

Sections

.text
Size: 721KB - Virtual size: 721KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

045675febf13bb0dcda1d13b5291019d

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

rpcrt4

Sections

.text Size: 721KB - Virtual size: 721KB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 10KB - Virtual size: 35KB

.rsrc Size: 335KB - Virtual size: 335KB

.text
Size: 721KB - Virtual size: 721KB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 10KB - Virtual size: 35KB

.rsrc
Size: 335KB - Virtual size: 335KB