Archive[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Archive.zip
Size

151KB
MD5

5d5c07e0ece3abfa928ed90e580ccee2
SHA1

1f2cd06f42e44b87687a137f81e06654ef22f59c
SHA256

ff36edbe722ed60b5fa69971dfe1eda52dfb4ea353894d79d746cb74d1643ec0
SHA512

cc42b7f57c71e9c5994bbdd71c9ebd719617288acdc7d5a5be8a5d004ef7e11134ce5ce4b6e339ebbb07f4732e1f2e978d7d4755d4b67ab8574861410dea33ec
SSDEEP

3072:5jmnoRhnWajX2711QHu+uq8SkFdFI+yxWVlBvxkoYPoQ7RAzKZgW7S7vwSEzO:5j7RhXjX2DQHuY+7FI+yxWVPvtY+8gWC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/libsodium.dll

Files

Archive.zip
.zip

Password: infected
libsodium.dll
.dll windows x64

11a1a39236b21f26901723638d814d07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualProtect
VirtualLock
VirtualUnlock
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

Exports

Exports

rrypto_aead_aes256gcm_abytes
rrypto_aead_aes256gcm_beforenm
rrypto_aead_aes256gcm_decrypt
rrypto_aead_aes256gcm_decrypt_afternm
rrypto_aead_aes256gcm_decrypt_detached
rrypto_aead_aes256gcm_decrypt_detached_afternm
rrypto_aead_aes256gcm_encrypt
rrypto_aead_aes256gcm_encrypt_afternm
rrypto_aead_aes256gcm_encrypt_detached
rrypto_aead_aes256gcm_encrypt_detached_afternm
rrypto_aead_aes256gcm_is_available
rrypto_aead_aes256gcm_keybytes
rrypto_aead_aes256gcm_keygen
rrypto_aead_aes256gcm_messagebytes_max
rrypto_aead_aes256gcm_npubbytes
rrypto_aead_aes256gcm_nsecbytes
rrypto_aead_aes256gcm_statebytes
rrypto_aead_chacha20poly1305_abytes
rrypto_aead_chacha20poly1305_decrypt
rrypto_aead_chacha20poly1305_decrypt_detached
rrypto_aead_chacha20poly1305_encrypt
rrypto_aead_chacha20poly1305_encrypt_detached
rrypto_aead_chacha20poly1305_ietf_abytes
rrypto_aead_chacha20poly1305_ietf_decrypt
rrypto_aead_chacha20poly1305_ietf_decrypt_detached
rrypto_aead_chacha20poly1305_ietf_encrypt
rrypto_aead_chacha20poly1305_ietf_encrypt_detached
rrypto_aead_chacha20poly1305_ietf_keybytes
rrypto_aead_chacha20poly1305_ietf_keygen
rrypto_aead_chacha20poly1305_ietf_messagebytes_max
rrypto_aead_chacha20poly1305_ietf_npubbytes
rrypto_aead_chacha20poly1305_ietf_nsecbytes
rrypto_aead_chacha20poly1305_keybytes
rrypto_aead_chacha20poly1305_keygen
rrypto_aead_chacha20poly1305_messagebytes_max
rrypto_aead_chacha20poly1305_npubbytes
rrypto_aead_chacha20poly1305_nsecbytes
rrypto_aead_xchacha20poly1305_ietf_abytes
rrypto_aead_xchacha20poly1305_ietf_decrypt
rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
rrypto_aead_xchacha20poly1305_ietf_encrypt
rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
rrypto_aead_xchacha20poly1305_ietf_keybytes
rrypto_aead_xchacha20poly1305_ietf_keygen
rrypto_aead_xchacha20poly1305_ietf_messagebytes_max
rrypto_aead_xchacha20poly1305_ietf_npubbytes
rrypto_aead_xchacha20poly1305_ietf_nsecbytes
rrypto_auth
rrypto_auth_bytes
rrypto_auth_hmacsha256
rrypto_auth_hmacsha256_bytes
rrypto_auth_hmacsha256_final
rrypto_auth_hmacsha256_init
rrypto_auth_hmacsha256_keybytes
rrypto_auth_hmacsha256_keygen
rrypto_auth_hmacsha256_statebytes
rrypto_auth_hmacsha256_update
rrypto_auth_hmacsha256_verify
rrypto_auth_hmacsha512
rrypto_auth_hmacsha512256
rrypto_auth_hmacsha512256_bytes
rrypto_auth_hmacsha512256_final
rrypto_auth_hmacsha512256_init
rrypto_auth_hmacsha512256_keybytes
rrypto_auth_hmacsha512256_keygen
rrypto_auth_hmacsha512256_statebytes
rrypto_auth_hmacsha512256_update
rrypto_auth_hmacsha512256_verify
rrypto_auth_hmacsha512_bytes
rrypto_auth_hmacsha512_final
rrypto_auth_hmacsha512_init
rrypto_auth_hmacsha512_keybytes
rrypto_auth_hmacsha512_keygen
rrypto_auth_hmacsha512_statebytes
rrypto_auth_hmacsha512_update
rrypto_auth_hmacsha512_verify
rrypto_auth_keybytes
rrypto_auth_keygen
rrypto_auth_primitive
rrypto_auth_verify
rrypto_box
rrypto_box_afternm
rrypto_box_beforenm
rrypto_box_beforenmbytes
rrypto_box_boxzerobytes
rrypto_box_curve25519xchacha20poly1305_beforenm
rrypto_box_curve25519xchacha20poly1305_beforenmbytes
rrypto_box_curve25519xchacha20poly1305_detached
rrypto_box_curve25519xchacha20poly1305_detached_afternm
rrypto_box_curve25519xchacha20poly1305_easy
rrypto_box_curve25519xchacha20poly1305_easy_afternm
rrypto_box_curve25519xchacha20poly1305_keypair
rrypto_box_curve25519xchacha20poly1305_macbytes
rrypto_box_curve25519xchacha20poly1305_messagebytes_max
rrypto_box_curve25519xchacha20poly1305_noncebytes
rrypto_box_curve25519xchacha20poly1305_open_detached
rrypto_box_curve25519xchacha20poly1305_open_detached_afternm
rrypto_box_curve25519xchacha20poly1305_open_easy
rrypto_box_curve25519xchacha20poly1305_open_easy_afternm
rrypto_box_curve25519xchacha20poly1305_publickeybytes
rrypto_box_curve25519xchacha20poly1305_seal
rrypto_box_curve25519xchacha20poly1305_seal_open
rrypto_box_curve25519xchacha20poly1305_sealbytes
rrypto_box_curve25519xchacha20poly1305_secretkeybytes
rrypto_box_curve25519xchacha20poly1305_seed_keypair
rrypto_box_curve25519xchacha20poly1305_seedbytes
rrypto_box_curve25519xsalsa20poly1305
rrypto_box_curve25519xsalsa20poly1305_afternm
rrypto_box_curve25519xsalsa20poly1305_beforenm
rrypto_box_curve25519xsalsa20poly1305_beforenmbytes
rrypto_box_curve25519xsalsa20poly1305_boxzerobytes
rrypto_box_curve25519xsalsa20poly1305_keypair
rrypto_box_curve25519xsalsa20poly1305_macbytes
rrypto_box_curve25519xsalsa20poly1305_messagebytes_max
rrypto_box_curve25519xsalsa20poly1305_noncebytes
rrypto_box_curve25519xsalsa20poly1305_open
rrypto_box_curve25519xsalsa20poly1305_open_afternm
rrypto_box_curve25519xsalsa20poly1305_publickeybytes
rrypto_box_curve25519xsalsa20poly1305_secretkeybytes
rrypto_box_curve25519xsalsa20poly1305_seed_keypair
rrypto_box_curve25519xsalsa20poly1305_seedbytes
rrypto_box_curve25519xsalsa20poly1305_zerobytes
rrypto_box_detached
rrypto_box_detached_afternm
rrypto_box_easy
rrypto_box_easy_afternm
rrypto_box_keypair
rrypto_box_macbytes
rrypto_box_messagebytes_max
rrypto_box_noncebytes
rrypto_box_open
rrypto_box_open_afternm
rrypto_box_open_detached
rrypto_box_open_detached_afternm
rrypto_box_open_easy
rrypto_box_open_easy_afternm
rrypto_box_primitive
rrypto_box_publickeybytes
rrypto_box_seal
rrypto_box_seal_open
rrypto_box_sealbytes
rrypto_box_secretkeybytes
rrypto_box_seed_keypair
rrypto_box_seedbytes
rrypto_box_zerobytes
rrypto_core_ed25519_add
rrypto_core_ed25519_bytes
rrypto_core_ed25519_from_uniform
rrypto_core_ed25519_is_valid_point
rrypto_core_ed25519_nonreducedscalarbytes
rrypto_core_ed25519_scalar_add
rrypto_core_ed25519_scalar_complement
rrypto_core_ed25519_scalar_invert
rrypto_core_ed25519_scalar_negate
rrypto_core_ed25519_scalar_random
rrypto_core_ed25519_scalar_reduce
rrypto_core_ed25519_scalar_sub
rrypto_core_ed25519_scalarbytes
rrypto_core_ed25519_sub
rrypto_core_ed25519_uniformbytes
rrypto_core_hchacha20
rrypto_core_hchacha20_constbytes
rrypto_core_hchacha20_inputbytes
rrypto_core_hchacha20_keybytes
rrypto_core_hchacha20_outputbytes
rrypto_core_hsalsa20
rrypto_core_hsalsa20_constbytes
rrypto_core_hsalsa20_inputbytes
rrypto_core_hsalsa20_keybytes
rrypto_core_hsalsa20_outputbytes
rrypto_core_salsa20
rrypto_core_salsa2012
rrypto_core_salsa2012_constbytes
rrypto_core_salsa2012_inputbytes
rrypto_core_salsa2012_keybytes
rrypto_core_salsa2012_outputbytes
rrypto_core_salsa208
rrypto_core_salsa208_constbytes
rrypto_core_salsa208_inputbytes
rrypto_core_salsa208_keybytes
rrypto_core_salsa208_outputbytes
rrypto_core_salsa20_constbytes
rrypto_core_salsa20_inputbytes
rrypto_core_salsa20_keybytes
rrypto_core_salsa20_outputbytes
rrypto_generichash
rrypto_generichash_blake2b
rrypto_generichash_blake2b_bytes
rrypto_generichash_blake2b_bytes_max
rrypto_generichash_blake2b_bytes_min
rrypto_generichash_blake2b_final
rrypto_generichash_blake2b_init
rrypto_generichash_blake2b_init_salt_personal
rrypto_generichash_blake2b_keybytes
rrypto_generichash_blake2b_keybytes_max
rrypto_generichash_blake2b_keybytes_min
rrypto_generichash_blake2b_keygen
rrypto_generichash_blake2b_personalbytes
rrypto_generichash_blake2b_salt_personal
rrypto_generichash_blake2b_saltbytes
rrypto_generichash_blake2b_statebytes
rrypto_generichash_blake2b_update
rrypto_generichash_bytes
rrypto_generichash_bytes_max
rrypto_generichash_bytes_min
rrypto_generichash_final
rrypto_generichash_init
rrypto_generichash_keybytes
rrypto_generichash_keybytes_max
rrypto_generichash_keybytes_min
rrypto_generichash_keygen
rrypto_generichash_primitive
rrypto_generichash_statebytes
rrypto_generichash_update
rrypto_hash
rrypto_hash_bytes
rrypto_hash_primitive
rrypto_hash_sha256
rrypto_hash_sha256_bytes
rrypto_hash_sha256_final
rrypto_hash_sha256_init
rrypto_hash_sha256_statebytes
rrypto_hash_sha256_update
rrypto_hash_sha512
rrypto_hash_sha512_bytes
rrypto_hash_sha512_final
rrypto_hash_sha512_init
rrypto_hash_sha512_statebytes
rrypto_hash_sha512_update
rrypto_kdf_blake2b_bytes_max
rrypto_kdf_blake2b_bytes_min
rrypto_kdf_blake2b_contextbytes
rrypto_kdf_blake2b_derive_from_key
rrypto_kdf_blake2b_keybytes
rrypto_kdf_bytes_max
rrypto_kdf_bytes_min
rrypto_kdf_contextbytes
rrypto_kdf_derive_from_key
rrypto_kdf_keybytes
rrypto_kdf_keygen
rrypto_kdf_primitive
rrypto_kx_client_session_keys
rrypto_kx_keypair
rrypto_kx_primitive
rrypto_kx_publickeybytes
rrypto_kx_secretkeybytes
rrypto_kx_seed_keypair
rrypto_kx_seedbytes
rrypto_kx_server_session_keys
rrypto_kx_sessionkeybytes
rrypto_onetimeauth
rrypto_onetimeauth_bytes
rrypto_onetimeauth_final
rrypto_onetimeauth_init
rrypto_onetimeauth_keybytes
rrypto_onetimeauth_keygen
rrypto_onetimeauth_poly1305
rrypto_onetimeauth_poly1305_bytes
rrypto_onetimeauth_poly1305_final
rrypto_onetimeauth_poly1305_init
rrypto_onetimeauth_poly1305_keybytes
rrypto_onetimeauth_poly1305_keygen
rrypto_onetimeauth_poly1305_statebytes
rrypto_onetimeauth_poly1305_update
rrypto_onetimeauth_poly1305_verify
rrypto_onetimeauth_primitive
rrypto_onetimeauth_statebytes
rrypto_onetimeauth_update
rrypto_onetimeauth_verify
rrypto_pwhash
rrypto_pwhash_alg_argon2i13
rrypto_pwhash_alg_argon2id13
rrypto_pwhash_alg_default
rrypto_pwhash_argon2i
rrypto_pwhash_argon2i_alg_argon2i13
rrypto_pwhash_argon2i_bytes_max
rrypto_pwhash_argon2i_bytes_min
rrypto_pwhash_argon2i_memlimit_interactive
rrypto_pwhash_argon2i_memlimit_max
rrypto_pwhash_argon2i_memlimit_min
rrypto_pwhash_argon2i_memlimit_moderate
rrypto_pwhash_argon2i_memlimit_sensitive
rrypto_pwhash_argon2i_opslimit_interactive
rrypto_pwhash_argon2i_opslimit_max
rrypto_pwhash_argon2i_opslimit_min
rrypto_pwhash_argon2i_opslimit_moderate
rrypto_pwhash_argon2i_opslimit_sensitive
rrypto_pwhash_argon2i_passwd_max
rrypto_pwhash_argon2i_passwd_min
rrypto_pwhash_argon2i_saltbytes
rrypto_pwhash_argon2i_str
rrypto_pwhash_argon2i_str_needs_rehash
rrypto_pwhash_argon2i_str_verify
rrypto_pwhash_argon2i_strbytes
rrypto_pwhash_argon2i_strprefix
rrypto_pwhash_argon2id
rrypto_pwhash_argon2id_alg_argon2id13
rrypto_pwhash_argon2id_bytes_max
rrypto_pwhash_argon2id_bytes_min
rrypto_pwhash_argon2id_memlimit_interactive
rrypto_pwhash_argon2id_memlimit_max
rrypto_pwhash_argon2id_memlimit_min
rrypto_pwhash_argon2id_memlimit_moderate
rrypto_pwhash_argon2id_memlimit_sensitive
rrypto_pwhash_argon2id_opslimit_interactive
rrypto_pwhash_argon2id_opslimit_max
rrypto_pwhash_argon2id_opslimit_min
rrypto_pwhash_argon2id_opslimit_moderate
rrypto_pwhash_argon2id_opslimit_sensitive
rrypto_pwhash_argon2id_passwd_max
rrypto_pwhash_argon2id_passwd_min
rrypto_pwhash_argon2id_saltbytes
rrypto_pwhash_argon2id_str
rrypto_pwhash_argon2id_str_needs_rehash
rrypto_pwhash_argon2id_str_verify
rrypto_pwhash_argon2id_strbytes
rrypto_pwhash_argon2id_strprefix
rrypto_pwhash_bytes_max
rrypto_pwhash_bytes_min
rrypto_pwhash_memlimit_interactive
rrypto_pwhash_memlimit_max
rrypto_pwhash_memlimit_min
rrypto_pwhash_memlimit_moderate
rrypto_pwhash_memlimit_sensitive
rrypto_pwhash_opslimit_interactive
rrypto_pwhash_opslimit_max
rrypto_pwhash_opslimit_min
rrypto_pwhash_opslimit_moderate
rrypto_pwhash_opslimit_sensitive
rrypto_pwhash_passwd_max
rrypto_pwhash_passwd_min
rrypto_pwhash_primitive
rrypto_pwhash_saltbytes
rrypto_pwhash_scryptsalsa208sha256
rrypto_pwhash_scryptsalsa208sha256_bytes_max
rrypto_pwhash_scryptsalsa208sha256_bytes_min
rrypto_pwhash_scryptsalsa208sha256_ll
rrypto_pwhash_scryptsalsa208sha256_memlimit_interactive
rrypto_pwhash_scryptsalsa208sha256_memlimit_max
rrypto_pwhash_scryptsalsa208sha256_memlimit_min
rrypto_pwhash_scryptsalsa208sha256_memlimit_sensitive
rrypto_pwhash_scryptsalsa208sha256_opslimit_interactive
rrypto_pwhash_scryptsalsa208sha256_opslimit_max
rrypto_pwhash_scryptsalsa208sha256_opslimit_min
rrypto_pwhash_scryptsalsa208sha256_opslimit_sensitive
rrypto_pwhash_scryptsalsa208sha256_passwd_max
rrypto_pwhash_scryptsalsa208sha256_passwd_min
rrypto_pwhash_scryptsalsa208sha256_saltbytes
rrypto_pwhash_scryptsalsa208sha256_str
rrypto_pwhash_scryptsalsa208sha256_str_needs_rehash
rrypto_pwhash_scryptsalsa208sha256_str_verify
rrypto_pwhash_scryptsalsa208sha256_strbytes
rrypto_pwhash_scryptsalsa208sha256_strprefix
rrypto_pwhash_str
rrypto_pwhash_str_alg
rrypto_pwhash_str_needs_rehash
rrypto_pwhash_str_verify
rrypto_pwhash_strbytes
rrypto_pwhash_strprefix
rrypto_scalarmult
rrypto_scalarmult_base
rrypto_scalarmult_bytes
rrypto_scalarmult_curve25519
rrypto_scalarmult_curve25519_base
rrypto_scalarmult_curve25519_bytes
rrypto_scalarmult_curve25519_scalarbytes
rrypto_scalarmult_ed25519
rrypto_scalarmult_ed25519_base
rrypto_scalarmult_ed25519_base_noclamp
rrypto_scalarmult_ed25519_bytes
rrypto_scalarmult_ed25519_noclamp
rrypto_scalarmult_ed25519_scalarbytes
rrypto_scalarmult_primitive
rrypto_scalarmult_scalarbytes
rrypto_secretbox
rrypto_secretbox_boxzerobytes
rrypto_secretbox_detached
rrypto_secretbox_easy
rrypto_secretbox_keybytes
rrypto_secretbox_keygen
rrypto_secretbox_macbytes
rrypto_secretbox_messagebytes_max
rrypto_secretbox_noncebytes
rrypto_secretbox_open
rrypto_secretbox_open_detached
rrypto_secretbox_open_easy
rrypto_secretbox_primitive
rrypto_secretbox_xchacha20poly1305_detached
rrypto_secretbox_xchacha20poly1305_easy
rrypto_secretbox_xchacha20poly1305_keybytes
rrypto_secretbox_xchacha20poly1305_macbytes
rrypto_secretbox_xchacha20poly1305_messagebytes_max
rrypto_secretbox_xchacha20poly1305_noncebytes
rrypto_secretbox_xchacha20poly1305_open_detached
rrypto_secretbox_xchacha20poly1305_open_easy
rrypto_secretbox_xsalsa20poly1305
rrypto_secretbox_xsalsa20poly1305_boxzerobytes
rrypto_secretbox_xsalsa20poly1305_keybytes
rrypto_secretbox_xsalsa20poly1305_keygen
rrypto_secretbox_xsalsa20poly1305_macbytes
rrypto_secretbox_xsalsa20poly1305_messagebytes_max
rrypto_secretbox_xsalsa20poly1305_noncebytes
rrypto_secretbox_xsalsa20poly1305_open
rrypto_secretbox_xsalsa20poly1305_zerobytes
rrypto_secretbox_zerobytes
rrypto_secretstream_xchacha20poly1305_abytes
rrypto_secretstream_xchacha20poly1305_headerbytes
rrypto_secretstream_xchacha20poly1305_init_pull
rrypto_secretstream_xchacha20poly1305_init_push
rrypto_secretstream_xchacha20poly1305_keybytes
rrypto_secretstream_xchacha20poly1305_keygen
rrypto_secretstream_xchacha20poly1305_messagebytes_max
rrypto_secretstream_xchacha20poly1305_pull
rrypto_secretstream_xchacha20poly1305_push
rrypto_secretstream_xchacha20poly1305_rekey
rrypto_secretstream_xchacha20poly1305_statebytes
rrypto_secretstream_xchacha20poly1305_tag_final
rrypto_secretstream_xchacha20poly1305_tag_message
rrypto_secretstream_xchacha20poly1305_tag_push
rrypto_secretstream_xchacha20poly1305_tag_rekey
rrypto_shorthash
rrypto_shorthash_bytes
rrypto_shorthash_keybytes
rrypto_shorthash_keygen
rrypto_shorthash_primitive
rrypto_shorthash_siphash24
rrypto_shorthash_siphash24_bytes
rrypto_shorthash_siphash24_keybytes
rrypto_shorthash_siphashx24
rrypto_shorthash_siphashx24_bytes
rrypto_shorthash_siphashx24_keybytes
rrypto_sign
rrypto_sign_bytes
rrypto_sign_detached
rrypto_sign_ed25519
rrypto_sign_ed25519_bytes
rrypto_sign_ed25519_detached
rrypto_sign_ed25519_keypair
rrypto_sign_ed25519_messagebytes_max
rrypto_sign_ed25519_open
rrypto_sign_ed25519_pk_to_curve25519
rrypto_sign_ed25519_publickeybytes
rrypto_sign_ed25519_secretkeybytes
rrypto_sign_ed25519_seed_keypair
rrypto_sign_ed25519_seedbytes
rrypto_sign_ed25519_sk_to_curve25519
rrypto_sign_ed25519_sk_to_pk
rrypto_sign_ed25519_sk_to_seed
rrypto_sign_ed25519_verify_detached
rrypto_sign_ed25519ph_final_create
rrypto_sign_ed25519ph_final_verify
rrypto_sign_ed25519ph_init
rrypto_sign_ed25519ph_statebytes
rrypto_sign_ed25519ph_update
rrypto_sign_edwards25519sha512batch
rrypto_sign_edwards25519sha512batch_keypair
rrypto_sign_edwards25519sha512batch_open
rrypto_sign_final_create
rrypto_sign_final_verify
rrypto_sign_init
rrypto_sign_keypair
rrypto_sign_messagebytes_max
rrypto_sign_open
rrypto_sign_primitive
rrypto_sign_publickeybytes
rrypto_sign_secretkeybytes
rrypto_sign_seed_keypair
rrypto_sign_seedbytes
rrypto_sign_statebytes
rrypto_sign_update
rrypto_sign_verify_detached
rrypto_stream
rrypto_stream_chacha20
rrypto_stream_chacha20_ietf
rrypto_stream_chacha20_ietf_keybytes
rrypto_stream_chacha20_ietf_keygen
rrypto_stream_chacha20_ietf_messagebytes_max
rrypto_stream_chacha20_ietf_noncebytes
rrypto_stream_chacha20_ietf_xor
rrypto_stream_chacha20_ietf_xor_ic
rrypto_stream_chacha20_keybytes
rrypto_stream_chacha20_keygen
rrypto_stream_chacha20_messagebytes_max
rrypto_stream_chacha20_noncebytes
rrypto_stream_chacha20_xor
rrypto_stream_chacha20_xor_ic
rrypto_stream_keybytes
rrypto_stream_keygen
rrypto_stream_messagebytes_max
rrypto_stream_noncebytes
rrypto_stream_primitive
rrypto_stream_salsa20
rrypto_stream_salsa2012
rrypto_stream_salsa2012_keybytes
rrypto_stream_salsa2012_keygen
rrypto_stream_salsa2012_messagebytes_max
rrypto_stream_salsa2012_noncebytes
rrypto_stream_salsa2012_xor
rrypto_stream_salsa208
rrypto_stream_salsa208_keybytes

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
run.bat

Sharing

General

Malware Config

Signatures

Files

Password: infected

11a1a39236b21f26901723638d814d07

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 212KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 18KB