bootdecoder[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

bootdecoder.zip
Size

341KB
MD5

276944486fe92de4379efd9dcf667fa8
SHA1

6df2b78653774f263d149d7d1f8803b7f95e2a4c
SHA256

4092271557d4677645efabdac5c87df345de795f01e0e68a1da3c0a5d7fa11e5
SHA512

037363567bca262240a3febe1015f70d6d288ca549ac55f79f183efda47da8a44e2ce2fc5e6dd0e1e5d4bd5b5fd101a96eca235103dd92bc9f6a00cc355f4b11
SSDEEP

6144:PR9Dm7m3oue9XcS97D2km7aNti8OP0j8jlO:PR9gYtelRKuNtircj85O

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bootdecoder/lua.exe
unpack001/bootdecoder/lua54.dll
unpack001/bootdecoder/ndisasm.exe

Files

bootdecoder.zip
.zip
bootdecoder/LICENSE_lua.txt
bootdecoder/LICENSE_nasm.txt
bootdecoder/bootdecoder.bat
bootdecoder/extract.lua
bootdecoder/lua.exe
.exe windows x64

ed674ff46d968d050864dab331d0b0c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

lua54

luaL_callmeta
luaL_checkstack
luaL_checkversion_
luaL_error
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_newstate
luaL_openlibs
luaL_tolstring
luaL_traceback
lua_close
lua_concat
lua_createtable
lua_gc
lua_getglobal
lua_gettop
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushstring
lua_rawgeti
lua_rawseti
lua_rotate
lua_setfield
lua_setglobal
lua_sethook
lua_settop
lua_toboolean
lua_tointegerx
lua_tolstring
lua_touserdata
lua_type
lua_typename
lua_warning

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__mb_cur_max
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_fileno
_fmode
_initterm
_isatty
_lock
_onexit
_unlock
abort
calloc
exit
fflush
fgets
fprintf
fputc
fputs
free
fwrite
getenv
localeconv
malloc
memcpy
signal
strerror
strlen
strncmp
vfprintf
wcslen

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bootdecoder/lua54.dll
.dll windows x64

4abb04872ea153eb00239982cab6bf4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryExA
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
__dllonexit
__iob_func
__mb_cur_max
__setusermatherr
_amsg_exit
_errno
_gmtime64
_initterm
_localtime64
_lock
_mktime64
_onexit
_pclose
_popen
_setjmp
_time64
_unlock
abort
acos
asin
calloc
clearerr
clock
cosh
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fread
free
freopen
frexp
fseek
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
ispunct
isspace
isupper
isxdigit
localeconv
log10
longjmp
malloc
memchr
memcmp
memcpy
realloc
remove
rename
setlocale
setvbuf
signal
sinh
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strpbrk
strrchr
strspn
strstr
system
tan
tanh
tmpfile
tmpnam
tolower
toupper
ungetc
vfprintf
wcslen

Exports

Exports

luaL_addgsub
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_typeerror
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getiuservalue
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdatauv
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resetthread
lua_resume
lua_rotate
lua_setallocf
lua_setcstacklimit
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setiuservalue
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setwarnf
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_toclose
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_warning
lua_xmove
lua_yieldk
luaopen_base
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bootdecoder/ndisasm.exe
.exe windows x64

daf50ee9c48c2a6a940ab76a17e17308

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_chsize
_commode
_errno
_filelengthi64
_fileno
_fmode
_fstat64
_initterm
_lock
_onexit
_setmode
_stricmp
_strnicmp
_unlock
_waccess
_wfopen
_wstat64
abort
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fopen
fprintf
fputc
fread
free
fseek
fsetpos
ftell
fwrite
isalpha
iscntrl
ispunct
isspace
isxdigit
localeconv
malloc
memcpy
memset
perror
realloc
setvbuf
signal
strchr
strcmp
strerror
strlen
strncmp
strncpy
strpbrk
strtoul
tolower
vfprintf
wcslen
_fileno

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 990KB - Virtual size: 989KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bootdecoder/readme.txt

Sharing

General

Malware Config

Signatures

Files

ed674ff46d968d050864dab331d0b0c0

Headers

File Characteristics

Imports

lua54

kernel32

msvcrt

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 272B

.rdata Size: 3KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 23KB - Virtual size: 23KB

/4 Size: 512B - Virtual size: 80B

/19 Size: 7KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 303B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

4abb04872ea153eb00239982cab6bf4a

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 198KB - Virtual size: 197KB

.data Size: 512B - Virtual size: 240B

.rdata Size: 26KB - Virtual size: 25KB

.pdata Size: 10KB - Virtual size: 10KB

.xdata Size: 10KB - Virtual size: 9KB

.bss Size: - Virtual size: 5KB

.edata Size: 4KB - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 904B

.reloc Size: 1KB - Virtual size: 1KB

/4 Size: 512B - Virtual size: 80B

/19 Size: 7KB - Virtual size: 7KB

/31 Size: 512B - Virtual size: 303B

/45 Size: 1024B - Virtual size: 546B

/57 Size: 512B - Virtual size: 72B

daf50ee9c48c2a6a940ab76a17e17308

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 53KB - Virtual size: 52KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 990KB - Virtual size: 989KB

.pdata Size: 2KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 41KB - Virtual size: 40KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 272B

.rdata
Size: 3KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 23KB - Virtual size: 23KB

/4
Size: 512B - Virtual size: 80B

/19
Size: 7KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 303B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

.text
Size: 198KB - Virtual size: 197KB

.data
Size: 512B - Virtual size: 240B

.rdata
Size: 26KB - Virtual size: 25KB

.pdata
Size: 10KB - Virtual size: 10KB

.xdata
Size: 10KB - Virtual size: 9KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 4KB - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 1KB - Virtual size: 1KB

/4
Size: 512B - Virtual size: 80B

/19
Size: 7KB - Virtual size: 7KB

/31
Size: 512B - Virtual size: 303B

/45
Size: 1024B - Virtual size: 546B

/57
Size: 512B - Virtual size: 72B

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 990KB - Virtual size: 989KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 41KB - Virtual size: 40KB