a84710c8a5ddb5d41897ae45acf3bc9649c834640c41a2f849acfb56a3590075[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

a84710c8a5ddb5d41897ae45acf3bc9649c834640c41a2f849acfb56a3590075.zip
Size

6.3MB
MD5

6b611b9656b960a7b31aa7e826f12cc4
SHA1

d7e8a30e4a4706b8f02961e2c1ddf9495cd67728
SHA256

f234d4220514e1c0f388c6d49168250a00a6beea109fde9c8b939104a25ae89d
SHA512

418a05e7fbc42955fe14c5ba388e521d75a59846aa0d635bc00aaa9f1f92966945f24bc60d91a4f5da014ae417cae5658eaf644e1f28c8dcd612293112b794ed
SSDEEP

196608:/TF/crkTO/HjFk8MJ68bpzTSC/0VirowPem:ZcgAy8MJ685fRJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Api-rp-loading-and-u_422027695.exe
unpack002/_334oxp02.yry.exe

Files

a84710c8a5ddb5d41897ae45acf3bc9649c834640c41a2f849acfb56a3590075.zip
.zip

Password: infected
Api-rp-loading-and-u_422027695.zip
.zip
Api-rp-loading-and-u_422027695.exe
.exe windows x86

5a594319a0d69dbc452e748bcf05892e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_334oxp02.yry.exe
.exe windows x86

500ba930bd34eadbeda95cd88c2d6657

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetFileSecurityW
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

InitCommonControlsEx
PropertySheetW

comdlg32

GetOpenFileNameW

gdi32

BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontW
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectW
GetStockObject
GetTextExtentPoint32W
LineTo
MoveToEx
Rectangle
RoundRect
SelectClipRgn
SelectObject
SetBkColor
SetBkMode
SetDCBrushColor
SetLayout
SetStretchBltMode
SetTextColor
StretchBlt
TextOutW

kernel32

AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareFileTime
CopyFileExW
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateWaitableTimerW
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DosDateTimeToFileTime
DuplicateHandle
EnterCriticalSection
EnumSystemLanguageGroupsW
ExpandEnvironmentStringsW
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageA
FormatMessageW
FreeLibrary
GetCommState
GetCommandLineW
GetComputerNameW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleWindow
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetHandleInformation
GetLastError
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalMemoryStatus
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalFree
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventW
OpenFileMappingW
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadDirectoryChangesW
ReadFile
ReadFileScatter
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleMode
SetCurrentDirectoryW
SetEndOfFile
SetEvent
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SleepEx
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WriteFileGather
lstrcmpW
lstrcmpiW
lstrcpyW

msimg32

AlphaBlend

msvcrt

__dllonexit
__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_getcwd
_initterm
_iob
_isatty
_lock
_lseeki64
_onexit
_read
_setjmp3
_snwprintf
_strcmpi
_strdup
_strnicmp
_ultoa
_unlock
_vsnprintf
_vsnwprintf
_wcsicmp
_wfopen
_wfsopen
_wmkdir
_wremove
_wrename
_write
_write
_wtoi
abort
atoi
atol
calloc
exit
fclose
feof
fflush
fgetc
fgetpos
fgetws
fopen
fprintf
fputc
fputs
fputws
fread
free
fsetpos
fwprintf
getwc
gmtime
fwrite
getc
getenv
islower
isspace
isupper
iswctype
iswspace
isxdigit
localeconv
localtime
longjmp
malloc
mbtowc
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
rand
realloc
setlocale
setvbuf
signal
sprintf
srand
strcat
strchr
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
swscanf
system
time
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
vswprintf
wcscat
wcschr
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsncat
wcsncpy
wcsrchr
wcsstr
wcstol
wcstombs
wcsxfrm
wctomb

newdev

UpdateDriverForPlugAndPlayDevicesW

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

oleaut32

SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantCopy

setupapi

CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDescriptionW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiLoadClassIcon

shell32

CommandLineToArgvW
DragAcceptFiles
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHFormatDrive
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW
StrStrIA
StrStrIW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
StrFormatByteSizeW

user32

AdjustWindowRectEx
BeginPaint
CallWindowProcW
CharUpperW
ClientToScreen
CloseClipboard
CreateDialogParamW
CreateIconIndirect
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DeleteMenu
DestroyIcon
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawFrameControl
DrawIconEx
DrawTextW
EmptyClipboard
EnableWindow
EndDialog
EndPaint
EnumChildWindows
EnumDisplayDevicesW
FlashWindowEx
GetClassNameW
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgCtrlID
GetDlgItem
GetForegroundWindow
GetIconInfo
GetMenuItemCount
GetMenuItemInfoW
GetMonitorInfoW
GetParent
GetScrollInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowInfo
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InsertMenuItemW
InsertMenuW
InvalidateRect
IsDlgButtonChecked
IsWindow
IsZoomed
KillTimer
LoadCursorW
LoadIconW
MapWindowPoints
MessageBoxW
MonitorFromPoint
MoveWindow
MsgWaitForMultipleObjectsEx
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
RealGetWindowClassW
RegisterClassExW
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetMenuItemInfoW
SetScrollInfo
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowWindow
SwitchToThisWindow
SystemParametersInfoW
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnregisterClassW
wsprintfA
wsprintfW
wvsprintfA

ws2_32

WSAAddressToStringA
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAStringToAddressA
gethostbyaddr
gethostbyname
getservbyname
getservbyport
inet_addr
inet_ntoa

wsock32

AcceptEx
GetAcceptExSockaddrs
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
select
setsockopt
shutdown
socket

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 783KB - Virtual size: 783KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 177KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

5a594319a0d69dbc452e748bcf05892e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 718KB - Virtual size: 717KB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 27KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 420B

.edata Size: 512B - Virtual size: 154B

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 18KB - Virtual size: 18KB

500ba930bd34eadbeda95cd88c2d6657

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msimg32

msvcrt

newdev

ole32

oleaut32

setupapi

shell32

shlwapi

user32

ws2_32

wsock32

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.data Size: 59KB - Virtual size: 58KB

.rdata Size: 317KB - Virtual size: 316KB

.eh_fram Size: 783KB - Virtual size: 783KB

.bss Size: - Virtual size: 177KB

.idata Size: 16KB - Virtual size: 15KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 415KB - Virtual size: 415KB

.text
Size: 718KB - Virtual size: 717KB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 59KB - Virtual size: 58KB

.rdata
Size: 317KB - Virtual size: 316KB

.eh_fram
Size: 783KB - Virtual size: 783KB

.bss
Size: - Virtual size: 177KB

.idata
Size: 16KB - Virtual size: 15KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 415KB - Virtual size: 415KB