a1f71fba5d3d57e00c82336c9e240e9b3f22e5473bd12d90a7040468cf3ee46c[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

a1f71fba5d3d57e00c82336c9e240e9b3f22e5473bd12d90a7040468cf3ee46c.zip
Size

532KB
MD5

491ca8e0e67e14266b1d3c7bce76b931
SHA1

2b01b2161891a2eea3283b4cfb76a186d5e7a3bf
SHA256

a1f71fba5d3d57e00c82336c9e240e9b3f22e5473bd12d90a7040468cf3ee46c
SHA512

b17abfe953606caef9bfec003c1838a261c3d2555f91818ebd20eff688bf48dbf69758be741a5d95fd1a893d7322e08ca9500c3a814ae92f35e5f977c66ac6f5
SSDEEP

12288:opYjdYYqhSvAoqB1NgVOmFxxFnATOy4qjp89YfzIVuLZtu4VomnE3VhGm:IsdDDvAlpsOmFx+USCbVuLZ363XGm

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Metadata/meta.exe
unpack001/Metadata/mscms.dll

Files

a1f71fba5d3d57e00c82336c9e240e9b3f22e5473bd12d90a7040468cf3ee46c.zip
.zip
Esure Preliminary Audit Results.docx.lnk
.lnk
Metadata/docx_icon.ico
Metadata/meta.exe
.exe windows x64

bf699192bc903253be75cbd63776138c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapSetInformation
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
TerminateProcess

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter

colorui

LaunchColorCpl

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Metadata/mscms.dll
.dll regsvr32 windows x64

70854bd6f911b42a878455c20da9e3e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SizeofResource
GetCurrentProcess
WaitForSingleObject
LockResource
LoadResource
FindResourceW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memset
__std_type_info_destroy_list
_CxxThrowException
__C_specific_handler
__std_terminate
__std_exception_copy
memcpy
memcmp
__std_exception_destroy
memmove

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_cexit

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

Exports

Exports

AssociateColorProfileWithDeviceA
AssociateColorProfileWithDeviceW
CheckBitmapBits
CheckColors
CloseColorProfile
CloseDisplay
ColorAdapterGetCurrentProfileCalibration
ColorAdapterGetDisplayCurrentStateID
ColorAdapterGetDisplayProfile
ColorAdapterGetDisplayTargetWhitePoint
ColorAdapterGetDisplayTransformData
ColorAdapterGetSystemModifyWhitePointCaps
ColorAdapterRegisterOEMColorService
ColorAdapterUnregisterOEMColorService
ColorAdapterUpdateDeviceProfile
ColorAdapterUpdateDisplayGamma
ColorCplGetDefaultProfileScope
ColorCplGetDefaultRenderingIntentScope
ColorCplGetProfileProperties
ColorCplHasSystemWideAssociationListChanged
ColorCplInitialize
ColorCplLoadAssociationList
ColorCplMergeAssociationLists
ColorCplOverwritePerUserAssociationList
ColorCplReleaseProfileProperties
ColorCplResetSystemWideAssociationListChangedWarning
ColorCplSaveAssociationList
ColorCplSetUsePerUserProfiles
ColorCplUninitialize
ColorProfileAddDisplayAssociation
ColorProfileGetDisplayDefault
ColorProfileGetDisplayList
ColorProfileGetDisplayUserScope
ColorProfileRemoveDisplayAssociation
ColorProfileSetDisplayDefaultAssociation
ConvertColorNameToIndex
ConvertIndexToColorName
CreateColorTransformA
CreateColorTransformW
CreateDeviceLinkProfile
CreateMultiProfileTransform
CreateProfileFromLogColorSpaceA
CreateProfileFromLogColorSpaceW
DccwCreateDisplayProfileAssociationList
DccwGetDisplayProfileAssociationList
DccwGetGamutSize
DccwReleaseDisplayProfileAssociationList
DccwSetDisplayProfileAssociationList
DeleteColorTransform
DeviceRenameEvent
DisassociateColorProfileFromDeviceA
DisassociateColorProfileFromDeviceW
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EnumColorProfilesA
EnumColorProfilesW
GenerateCopyFilePaths
GetCMMInfo
GetColorDirectoryA
GetColorDirectoryW
GetColorProfileElement
GetColorProfileElementTag
GetColorProfileFromHandle
GetColorProfileHeader
GetCountColorProfileElements
GetNamedProfileInfo
GetPS2ColorRenderingDictionary
GetPS2ColorRenderingIntent
GetPS2ColorSpaceArray
GetStandardColorSpaceProfileA
GetStandardColorSpaceProfileW
InstallColorProfileA
InstallColorProfileW
InternalGetAppliedGDIGammaRamp
InternalGetAppliedGammaRamp
InternalGetDeviceConfig
InternalGetDeviceGammaCapability
InternalGetPS2CSAFromLCS
InternalGetPS2ColorRenderingDictionary
InternalGetPS2ColorRenderingDictionary2
InternalGetPS2ColorSpaceArray
InternalGetPS2ColorSpaceArray2
InternalGetPS2PreviewCRD
InternalGetPS2PreviewCRD2
InternalRefreshCalibration
InternalSetDeviceConfig
InternalSetDeviceGDIGammaRamp
InternalSetDeviceGammaRamp
InternalSetDeviceTemperature
InternalWcsAssociateColorProfileWithDevice
InternalWcsDisassociateColorProfileWithDevice
IsColorProfileTagPresent
IsColorProfileValid
OpenColorProfileA
OpenColorProfileW
OpenDisplay
RegisterCMMA
RegisterCMMW
SelectCMM
SetColorProfileElement
SetColorProfileElementReference
SetColorProfileElementSize
SetColorProfileHeader
SetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
SpoolerCopyFileEvent
Start
TextShaping
TranslateBitmapBits
TranslateColors
UninstallColorProfileA
UninstallColorProfileW
UnregisterCMMA
UnregisterCMMW
WcsAssociateColorProfileWithDevice
WcsCheckColors
WcsCreateIccProfile
WcsDisassociateColorProfileFromDevice
WcsEnumColorProfiles
WcsEnumColorProfilesSize
WcsGetCalibrationManagementState
WcsGetDefaultColorProfile
WcsGetDefaultColorProfileSize
WcsGetDefaultRenderingIntent
WcsGetUsePerUserProfiles
WcsGpCanInstallOrUninstallProfiles
WcsOpenColorProfileA
WcsOpenColorProfileW
WcsSetCalibrationManagementState
WcsSetDefaultColorProfile
WcsSetDefaultRenderingIntent
WcsSetUsePerUserProfiles
WcsTranslateColors

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
meta.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

bf699192bc903253be75cbd63776138c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

colorui

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 204B

.rsrc Size: 78KB - Virtual size: 77KB

.reloc Size: 512B - Virtual size: 32B

70854bd6f911b42a878455c20da9e3e6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 512B - Virtual size: 136B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 204B

.rsrc
Size: 78KB - Virtual size: 77KB

.reloc
Size: 512B - Virtual size: 32B

.text
Size: 33KB - Virtual size: 32KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 512B - Virtual size: 136B