Static task
static1
General
-
Target
zandronum.exe
-
Size
7.5MB
-
MD5
9d7c70df6533dca59f84bb521dbe6faf
-
SHA1
27be1a33bd00397754120a237816bbf15cb73324
-
SHA256
bcfe433af5e33bb9f67599ee8b505ab79978322107a78d6f4a769559b2c92363
-
SHA512
3312b115a0deeac4d7b2f0236464c873a90d34b79a0eda0acaac1b980feda518b4cb9242b6a093620eaa2890ec2da3a254832a82012098ca9485a03c96ffb179
-
SSDEEP
196608:kelo7qOXYFj60tUZwBuLuECF9yQs9JoQ91epg:kNZXYFj60tUZUEF7R91e
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource zandronum.exe
Files
-
zandronum.exe.exe windows x86
5f618d83a2e559398df4c75d2dedb936
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
inet_ntoa
closesocket
bind
ioctlsocket
WSASetLastError
inet_addr
recvfrom
sendto
send
recv
connect
gethostname
setsockopt
ntohs
getsockname
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
htons
winmm
midiOutGetDevCapsA
timeGetDevCaps
timeBeginPeriod
timeGetTime
timeSetEvent
timeKillEvent
timeEndPeriod
midiOutGetNumDevs
midiStreamOpen
midiStreamClose
midiStreamProperty
midiStreamOut
midiStreamRestart
midiStreamStop
midiOutGetVolume
midiOutSetVolume
midiOutPrepareHeader
midiOutReset
midiOutShortMsg
midiOutUnprepareHeader
mciSendCommandA
ole32
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket
user32
CreatePopupMenu
GetDlgItemTextA
DrawAnimatedRects
EnumDisplayMonitors
GetMonitorInfoA
ChangeDisplaySettingsExA
GetDesktopWindow
AdjustWindowRectEx
CreateIconIndirect
DestroyCursor
SetParent
SetClassLongA
GetAsyncKeyState
GetDlgCtrlID
SendDlgItemMessageA
SetDlgItemTextA
MapDialogRect
LoadImageA
LoadIconA
LoadCursorA
SetRect
FillRect
GetWindowTextLengthA
DrawIcon
SendMessageW
GetMessageA
wsprintfA
GetClassLongA
ClipCursor
GetCursorPos
SetCursorPos
DestroyMenu
IsDialogMessageA
SetCursor
InvalidateRect
ReleaseCapture
SetCapture
MapVirtualKeyA
GetKeyState
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
PostQuitMessage
TranslateMessage
GetUpdateRect
EndPaint
BeginPaint
UnregisterClassA
RegisterClassA
DefWindowProcA
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
EnumDisplaySettingsA
GetFocus
GetActiveWindow
ReleaseDC
GetDC
GetSystemMetrics
GetScrollInfo
SetScrollInfo
AppendMenuA
TrackPopupMenu
SetActiveWindow
SystemParametersInfoA
GetForegroundWindow
GetParent
SetWindowLongA
GetWindowLongA
ScreenToClient
ClientToScreen
MessageBeep
MessageBoxA
GetWindowRect
GetClientRect
GetWindowTextA
SetWindowTextA
ScrollWindow
SetForegroundWindow
UpdateWindow
EnableWindow
KillTimer
SetTimer
SetFocus
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
EndDialog
DialogBoxParamA
CreateDialogParamA
SetWindowPos
MoveWindow
SendMessageA
CallWindowProcA
CreateWindowExA
DestroyWindow
ShowWindow
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
gdi32
SetPixelV
SetMapMode
SetBkColor
SelectObject
GetMapMode
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
SelectPalette
RealizePalette
DPtoLP
GetStockObject
DeleteObject
CreatePalette
CreateDIBSection
ExtTextOutA
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
GetDeviceGammaRamp
SetDeviceGammaRamp
SwapBuffers
CreateFontIndirectA
CreateSolidBrush
GetDeviceCaps
GetTextExtentPoint32A
SetBkMode
StretchDIBits
SetTextColor
SetTextAlign
GetTextMetricsA
TextOutA
CreateBrushIndirect
GetSystemPaletteEntries
Rectangle
GetObjectA
CreateFontA
comctl32
ord17
ord6
comdlg32
GetSaveFileNameA
oleaut32
SysFreeString
SysAllocString
opengl32
glShadeModel
glLineWidth
glHint
glFogi
glFinish
glClearDepth
glTexEnvi
glPixelStorei
glGetString
glNormal3fv
glIsEnabled
glDepthRange
glClipPlane
glReadPixels
glPolygonOffset
glGetIntegerv
glGetBooleanv
glFrustum
glFlush
glDrawBuffer
glDepthFunc
glCopyTexSubImage2D
glColor4fv
glVertex3fv
glTranslatef
glScalef
glRotatef
glPushMatrix
glDrawArrays
glStencilOp
glStencilFunc
glPopMatrix
glDepthMask
glColorMask
glTexParameteri
glTexParameterf
glTexCoord2fv
glGenTextures
glDeleteTextures
glBindTexture
glTexGeni
glFogfv
glFogf
glViewport
glVertex3f
glVertex2i
glVertex2f
glVertex2d
glTexCoord2f
glScissor
glOrtho
glMatrixMode
glLoadIdentity
glEnd
glEnable
glDisable
glColor4ub
glColor4f
glColor3ub
glColor3f
glClearColor
glClear
glBlendFunc
glBegin
glAlphaFunc
glVertexPointer
glTexCoordPointer
glEnableClientState
glDisableClientState
wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglCreateContext
glFrontFace
glDrawElements
glTexImage2D
glu32
gluPerspective
gluScaleImage
crypt32
CertFindCertificateInStore
CertFreeCertificateContext
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
kernel32
TryEnterCriticalSection
AreFileApisANSI
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
GetVersionExW
HeapValidate
HeapSize
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
SystemTimeToFileTime
GetSystemTime
CreateFileMappingW
GetTickCount
FlushFileBuffers
ReadConsoleW
GetConsoleMode
FindNextFileW
FindFirstFileW
LoadLibraryW
ConvertFiberToThread
DeleteFiber
FormatMessageW
GetModuleHandleExW
MultiByteToWideChar
GetModuleHandleW
GetFileType
GetEnvironmentVariableW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
SearchPathA
CreateProcessA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
PeekNamedPipe
CreatePipe
SetLastError
GetExitCodeProcess
TerminateProcess
HeapFree
CreateEventW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
RaiseException
LoadLibraryExW
GetCommandLineW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetDriveTypeW
LoadLibraryExA
SetFilePointerEx
FreeLibraryAndExitThread
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetConsoleCP
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
HeapCreate
VirtualProtect
WideCharToMultiByte
GetACP
lstrcpyA
SuspendThread
SetConsoleTextAttribute
GetLocaleInfoA
QueryPerformanceFrequency
QueryPerformanceCounter
FindNextFileA
FindFirstFileA
GetFileAttributesExA
FindClose
GetLongPathNameA
ReadConsoleA
AllocConsole
FlushConsoleInputBuffer
SetConsoleMode
GetCommandLineA
MulDiv
DuplicateHandle
GetStdHandle
GetFileInformationByHandle
QueueUserAPC
GetCurrentThread
SetUnhandledExceptionFilter
ExitProcess
SetPriorityClass
SleepEx
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExA
CreateFileA
GetTempFileNameA
GetTempPathA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetExitCodeThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
HeapAlloc
VirtualQuery
GetProcAddress
FreeLibrary
SetThreadPriority
CreateEventA
CloseHandle
WaitForMultipleObjects
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitThread
CreateThread
Sleep
WaitForSingleObject
FormatMessageA
GetLastError
LocalFree
EnumSystemLocalesW
CreateDirectoryW
RemoveDirectoryW
SetStdHandle
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
OutputDebugStringA
HeapReAlloc
shell32
Shell_NotifyIconA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetFolderPathA
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CryptReleaseContext
CryptGenRandom
GetUserNameA
CredWriteA
CredReadA
CredFree
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
CryptAcquireContextA
bcrypt
BCryptGenRandom
Sections
.text Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rtext Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 925KB - Virtual size: 925KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 110KB - Virtual size: 21.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 772KB - Virtual size: 772KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ