z8-mango3[.]zip

Resubmissions

03/03/2024, 18:27

240303-w3zxaseg52 3

21/07/2023, 11:43

230721-nvyehaee69 3

21/07/2023, 11:38

230721-nr36ksee58 3

Sharing

Copy URL Twitter E-mail

General

Target

z8-mango3.zip
Size

449KB
MD5

03e27e0bf8f91293b344cb9458bce125
SHA1

d6ed5b42d0c15e35d01df664547b09a27455478b
SHA256

59c3b967bce1614da8a894df873163f80540237257bc6afee3c0aba8badaaf72
SHA512

0e578e57b7fc06476b0353ecd251cae9b431ecf61678920d8a7faf946a4d3abf6dfb4bde37e89ebcfa8dd09b2af87cebf7f51177ff62e46d311c3159084badc5
SSDEEP

6144:fQxQWlbuYXAk+3pfk1OSIvZoIrJOe5XU07iUR4Vb81dtLkUa/ppt9FJfvGIY5j63:XWlbupzZ3oWlpU0Go1dtRa/Ht9n9WE

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/z8-mango3/tokumei/NOVAEMEX11.dll
unpack001/z8-mango3/tokumei/mango3.exe

Files

z8-mango3.zip
.zip
z8-mango3/tokumei/NOVAEMEX11.dll
.dll windows x64

848e67e53e71500c742e18bc83e6b830

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualQuery
GetModuleHandleW
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
EncodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
HeapFree
Sleep
GetProcAddress
ExitProcess
DecodePointer
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
z8-mango3/tokumei/NgcSvc.exe
.exe windows x64

0a92b94da34dec34d1e030d1f7f07ef2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:4f:1d:76:a2:b8:05:88:9e:bb:02:d8:97:3d:a2:57
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/03/2022, 00:00

Not After

02/05/2023, 23:59

Subject

CN=Fasoo Co.\, Ltd.,O=Fasoo Co.\, Ltd.,L=Mapo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:db:96:8b:01:af:ab:31:cd:86:ed:b2:65:1e:b4:1c:40:10:b7:c9:9d:38:dd:38:e0:3e:28:4f:8a:9a:dd:43
Signer

Actual PE Digest

62:db:96:8b:01:af:ab:31:cd:86:ed:b2:65:1e:b4:1c:40:10:b7:c9:9d:38:dd:38:e0:3e:28:4f:8a:9a:dd:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
VerSetConditionMask
VerifyVersionInfoW
LocalFree
GetOverlappedResult
ReadFile
WriteFile
CreateFileW
WaitNamedPipeW
WideCharToMultiByte
GetUserDefaultLangID
GetSystemDirectoryW
GetSystemInfo
GetCurrentProcess
CreateProcessW
VirtualProtect
LocalAlloc
DeviceIoControl
GetWindowsDirectoryW
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVolumeInformationA
GetWindowsDirectoryA
ProcessIdToSessionId
GetCurrentProcessId
MulDiv
GetModuleHandleA
LoadLibraryA
ExitProcess
GetCurrentThreadId
DecodePointer
GetCommandLineW
GetExitCodeProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
OutputDebugStringA
OutputDebugStringW
SetLastError
GetLocalTime
GetSystemWindowsDirectoryW
IsBadWritePtr
ResetEvent
OpenFileMappingW
VirtualQuery
IsBadReadPtr
SetFilePointer
VirtualAlloc
VirtualFree
CreateFileA
GetFileSize
OpenFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetFileType
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryExA
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForMultipleObjects
LeaveCriticalSection
SetEvent
HeapAlloc
EnterCriticalSection
DeleteCriticalSection
Sleep
CreateThread
CreateEventW
InitializeCriticalSection
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
OpenMutexW
CreateMutexW
ReleaseMutex
WaitForSingleObject
GetProcAddress
LoadLibraryW
OpenMutexA
CreateMutexA
FreeLibrary
CloseHandle
GetTickCount
GetLastError
RtlVirtualUnwind
RtlCaptureContext
HeapSize
HeapReAlloc
GetProcessHeap
GetStdHandle
GetModuleHandleExW
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
ExitThread
EncodePointer
IsProcessorFeaturePresent
HeapFree
GetFileAttributesW
IsDebuggerPresent

user32

CharLowerA
RegisterWindowMessageW
LoadStringW
DefWindowProcW
GetWindowDC
CharNextW
LoadCursorW
RegisterClassExW
GetSystemMetrics
CreateWindowExW
SetTimer
ReleaseDC
MessageBoxW
FindWindowW
CharUpperW
PostThreadMessageW
RegisterClassW
PostMessageW
DrawTextW
GetClientRect
BeginPaint
RedrawWindow
GetWindowLongW
SetWindowLongW
UnregisterClassW
DestroyWindow
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
EndPaint

gdi32

GetTextExtentPointW
SelectObject
CreateFontW
GetDeviceCaps
DeleteObject
GetStockObject

advapi32

CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegEnumValueW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
SetSecurityInfo
SetEntriesInAclW
ConvertStringSidToSidW
GetSecurityInfo
QueryServiceStatusEx

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoResumeClassObjects
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree

oleaut32

LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

shlwapi

PathRemoveFileSpecW

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
z8-mango3/tokumei/mango3.exe
.exe windows x64

f8e6a644a9d47c7fefc557c011b28d26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemDirectoryW
MultiByteToWideChar
GetCurrentProcessId
GetModuleHandleW
FreeLibrary
GetSystemTimeAsFileTime
WriteFile
GetCurrentProcess
FindNextFileW
SetLastError
WriteConsoleW
HeapSize
GetConsoleCP
FlushFileBuffers
WideCharToMultiByte
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
DeleteFileW
CloseHandle
ReadFile
GetFileSize
GetLastError
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
FindClose
GetProcAddress
LoadLibraryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
LoadLibraryExW
GetStdHandle
ExitProcess
GetModuleHandleExW
GetFileType
SetFilePointerEx
GetConsoleMode

user32

wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

848e67e53e71500c742e18bc83e6b830

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 872B

0a92b94da34dec34d1e030d1f7f07ef2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:4f:1d:76:a2:b8:05:88:9e:bb:02:d8:97:3d:a2:57Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

62:db:96:8b:01:af:ab:31:cd:86:ed:b2:65:1e:b4:1c:40:10:b7:c9:9d:38:dd:38:e0:3e:28:4f:8a:9a:dd:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

Sections

.text Size: 225KB - Virtual size: 225KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 20KB - Virtual size: 37KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 4KB

f8e6a644a9d47c7fefc557c011b28d26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 233KB - Virtual size: 232KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 3KB - Virtual size: 19KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 872B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:4f:1d:76:a2:b8:05:88:9e:bb:02:d8:97:3d:a2:57
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

62:db:96:8b:01:af:ab:31:cd:86:ed:b2:65:1e:b4:1c:40:10:b7:c9:9d:38:dd:38:e0:3e:28:4f:8a:9a:dd:43
Signer

.text
Size: 225KB - Virtual size: 225KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 20KB - Virtual size: 37KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 233KB - Virtual size: 232KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 3KB - Virtual size: 19KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB