Col-Server_2023-06-30_16_22_45[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Col-Server_2023-06-30_16_22_45.zip
Size

143KB
MD5

eb74ca6a511a587aaedeac3e55501ecc
SHA1

db815c73148d9e3f3b708e94bd73acaadf2f9d19
SHA256

4e205f45b2325473763bcbc1346beaf163d9f28d1a379c5ab34cdb48e1948a31
SHA512

fc79fe17df9b96b1fe438f68179dbbe78699b31d9d862b1dc3ab00ef3c3e8f40d12f339e719f8ed8b724d1b42bb3d5b6f145abcc5a81f937c3cd058d6f6357f8
SSDEEP

3072:9tJp21zuTgrkylBV/UuIxZ9LHHMgQT8H2LyprhG:Fp8zqgrLlzmRrXtG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Device/HarddiskVolume4/Program Files/KONICA MINOLTA/DPWS/nssm.exe

Files

Col-Server_2023-06-30_16_22_45.zip
.zip

Password: P@ssw0rd11
Device/HarddiskVolume4/Program Files/KONICA MINOLTA/DPWS/nssm.exe
.exe windows x64

Password: P@ssw0rd11

486303637bc6ec8cd38f2967cc02503d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleFileNameExW

shlwapi

PathQuoteSpacesW
PathUnquoteSpacesW
PathFindExtensionW

kernel32

SystemTimeToFileTime
GetFileInformationByHandle
ReadFile
FlushFileBuffers
SetHandleInformation
CreatePipe
GetStdHandle
GetCommandLineW
TlsAlloc
GetModuleFileNameW
GetCurrentThread
GetProcessTimes
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GenerateConsoleCtrlEvent
SetConsoleCtrlHandler
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
DeleteCriticalSection
UnregisterWait
SetWaitableTimer
ResumeThread
SetProcessAffinityMask
RegisterWaitForSingleObject
CreateWaitableTimerW
InitializeCriticalSection
SetConsoleOutputCP
GetConsoleOutputCP
WideCharToMultiByte
CompareFileTime
WriteConsoleW
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
SetStdHandle
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetOEMCP
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
CopyFileW
FileTimeToSystemTime
Sleep
SetFilePointer
MoveFileW
GetSystemTime
CreateFileW
SetFilePointerEx
SetEndOfFile
WriteFile
DuplicateHandle
FreeLibrary
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetExitCodeThread
WaitForSingleObject
GetSystemTimeAsFileTime
CloseHandle
GetExitCodeProcess
GetCurrentProcess
GetProcessAffinityMask
GetEnvironmentVariableW
FindResourceExW
LoadResource
GetModuleHandleW
LocalFree
TlsGetValue
LocalAlloc
TlsSetValue
GetUserDefaultLangID
FormatMessageW
CreateProcessW
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
AllocConsole
GetConsoleWindow
GetCurrentProcessId
FreeConsole
GetComputerNameW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
CreateFileA
IsValidCodePage
MultiByteToWideChar
FlsGetValue
DecodePointer
ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
EncodePointer

user32

GetProcessWindowStation
LoadImageW
SetWindowLongPtrW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
GetWindowLongPtrW
SetFocus
ShowWindow
CheckRadioButton
PostMessageW
SetDlgItemInt
SendMessageW
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SendDlgItemMessageW
GetWindowRect
GetDesktopWindow
MoveWindow
GetDlgItem
EnableWindow
CreateDialogIndirectParamW
MessageBoxW
MessageBoxIndirectW
GetWindowThreadProcessId
PostThreadMessageW
EnumWindows
SetWindowPos
GetSystemMetrics

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
StartServiceW
ControlService
QueryServiceStatusEx
SetServiceStatus
DeleteService
QueryServiceConfig2W
ChangeServiceConfig2W
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
GetServiceDisplayNameW
GetServiceKeyNameW
EnumServicesStatusExW
OpenSCManagerW
QueryServiceStatus
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
OpenThreadToken
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LsaEnumerateAccountRights
LsaAddAccountRights
FreeSid
LsaLookupSids
LsaClose
LsaLookupNames
LsaFreeMemory
IsValidSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaOpenPolicy
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteExW

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: P@ssw0rd11

Password: P@ssw0rd11

486303637bc6ec8cd38f2967cc02503d

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

kernel32

user32

comdlg32

advapi32

shell32

Sections

.text Size: 145KB - Virtual size: 144KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 208KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 159KB - Virtual size: 159KB

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 208KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 159KB - Virtual size: 159KB