RJ212641[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

RJ212641.zip
Size

644.3MB
MD5

2c055f851cf869d6e49631e8a8d50da3
SHA1

d87bb62f06fe446e9edfda05a40e6bdb09d2569c
SHA256

27bc7e914d2a9da84200a41eebe3b00c89841db662e656bd1152e0f779616565
SHA512

7a11c700bf82e45892d697b4dc6728062c17497f7cc4aac3f0e6453a5a1c044c45f2153995967cd5d7a32b82feeb9997501153c9c8caf577a4d24f4f727b7527
SSDEEP

12582912:lDyzQ1E8WsLd7yEcwbELxfnW65f6A49p4x6u1Jz1qNTAChJky6ebnyp5CcW1fsxX:lO+EM+wItfnW6hHamz1qN1hdnikcgeH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SuEH[J[1.52/SuEH[J[.exe

Files

RJ212641.zip
.zip
SuEH[J[1.52/data.pac
SuEH[J[1.52/SuEH[J[.exe
.exe windows x86

aaec5f6860e6fe08ca6c828e8cc88777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeEndPeriod
mmioStringToFOURCCA
joyGetPosEx
joyGetDevCapsW
mmioAscend
mmioDescend
mmioSeek
mmioRead
mmioClose
mmioOpenW
timeGetDevCaps

imm32

ImmDisableIME
ImmSetCompositionWindow
ImmGetContext

shlwapi

PathIsDirectoryW
PathFileExistsW

d3d9

Direct3DCreate9

dsound

ord11

kernel32

GetFileType
DecodePointer
GetACP
CreateProcessA
ExitThread
GetModuleHandleExW
VirtualQuery
RtlUnwind
RaiseException
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetTimeFormatW
CompareStringW
FindFirstFileExA
GetCPInfo
EnumSystemLocalesW
GetStringTypeW
GetUserDefaultUILanguage
LockResource
GlobalMemoryStatusEx
LocalFree
GetCurrentProcessId
GetCurrentThread
SetThreadAffinityMask
GetLastError
SetLastError
IsDebuggerPresent
ReleaseMutex
Sleep
LoadResource
SizeofResource
GetFileSize
GetStdHandle
FindClose
CloseHandle
GetLocalTime
GetTickCount
FormatMessageA
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
FindResourceA
EnumResourceTypesA
EnumResourceNamesA
GetTempPathW
GetTempFileNameW
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
AllocConsole
FreeConsole
TerminateThread
WaitForSingleObject
lstrlenA
LoadLibraryExA
GetModuleHandleW
FindResourceW
EnumResourceNamesW
FlushFileBuffers
MapViewOfFile
GetDriveTypeW
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
LockFileEx
LCMapStringW
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
ExitProcess
InterlockedExchange
lstrcmpiA
GetModuleHandleA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
SetEvent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
GetCurrentProcess
DuplicateHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
GetExitCodeProcess
GetDateFormatW
GetLocaleInfoW
IsValidLocale
CreateFileMappingA
GetUserDefaultLCID
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
CreateFileMappingW
MoveFileExW
CreatePipe

user32

EnableMenuItem
CheckMenuItem
GetSystemMenu
GetMenu
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
InsertMenuItemW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
GetKeyState
GetMonitorInfoA
MonitorFromRect
SystemParametersInfoW
IntersectRect
MessageBoxA
GetSystemMetrics
GetActiveWindow
GetDoubleClickTime
MessageBoxW
GetAsyncKeyState
wsprintfW
GetMenuItemInfoW
SetMenuItemInfoW
GetForegroundWindow
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
GetCursorPos
ScreenToClient
GetWindowLongA
GetWindowLongW
SetWindowLongW
LoadCursorW
DestroyCursor
ReleaseCapture
SetCapture
GetCapture
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
DrawIconEx
GetMenuItemCount
LoadImageA
DefWindowProcW
LoadIconW

gdi32

CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC

shell32

SHGetFolderPathA
ShellExecuteW
DragAcceptFiles

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 528KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuEH[J[1.52/.txt

Sharing

General

Malware Config

Signatures

Files

aaec5f6860e6fe08ca6c828e8cc88777

Headers

DLL Characteristics

File Characteristics

Imports

winmm

imm32

shlwapi

d3d9

dsound

kernel32

user32

gdi32

shell32

advapi32

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 100KB - Virtual size: 176KB

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 528KB - Virtual size: 528KB

.reloc Size: 184KB - Virtual size: 184KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 100KB - Virtual size: 176KB

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 528KB - Virtual size: 528KB

.reloc
Size: 184KB - Virtual size: 184KB