Release[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Release.zip
Size

160KB
MD5

3da78a76dd2a8ef03f6a81ecaf0d85e8
SHA1

786d9ea24eb1606d533d2462292920263e8349d5
SHA256

a028b44ec11ddfa7a19d07e5d6edfa1d082103682a3223442256488da98617e4
SHA512

bb3b094b1f9a7da9966039dda5fe78dd3fc65bccf61fad8c983d7fe25f5e7789da66a5fdd4c50ebc2a27d0b71e30f85154566203d7bfc1fdd3b723bbe4814fe2
SSDEEP

3072:NZd9KsUOf29LKkX3iwlg40/IEmUNr0knso717OFhCPpkc4TGaI:N0sru5KLwKjIEXgknp71K6kppI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SubZeroFN.exe

Files

Release.zip
.zip
Instructions.txt
SubZeroFN.exe
.exe windows x64

06f2e983f62b70f3822b541e94dfeff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetStdHandle
CreateFileA
FlushFileBuffers
Beep
CloseHandle
Sleep
GetCurrentProcessId
CreateThread
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
GlobalFree
SetConsoleTextAttribute
SetConsoleTitleA
CreateToolhelp32Snapshot
Process32Next
GlobalLock
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
GlobalAlloc
GetSystemTimeAsFileTime
InitializeSListHead

user32

GetWindow
FindWindowA
SetWindowLongA
GetWindowLongA
GetWindowRect
GetForegroundWindow
UpdateWindow
GetSystemMetrics
mouse_event
GetAsyncKeyState
SetCursor
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
UnregisterClassA
RegisterClassA
PostQuitMessage
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
SetWindowPos
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetActiveWindow
GetKeyState
GetCapture
SetCapture
ReleaseCapture
GetClientRect
SetCursorPos
ClientToScreen
LoadCursorA
ScreenToClient
GetCursorPos

gdi32

GetStockObject

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Random_device@std@@YAIXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

d3d9

Direct3DCreate9Ex

ntdll

ZwCreateKey
ZwSetValueKey
ZwOpenKey
ZwClose
ZwQueryValueKey
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

vcruntime140

memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
memmove
__current_exception
__current_exception_context
memchr
strstr
__std_terminate
__C_specific_handler
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

strcmp
wcscpy_s
isprint
strncpy

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vsprintf_s
_set_fmode
fflush
fclose
_wfopen
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vsprintf
__p__commode
fwrite
ftell
__stdio_common_vfprintf
fseek

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

fmodf
__setusermatherr
ceilf
cosf
floorf
sinf
sqrtf
tanf
fmod
fabs
pow
powf
sqrt
atan2
atan
asin

api-ms-win-crt-runtime-l1-1-0

exit
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
_invalid_parameter_noinfo_noreturn
__p___argc
_exit
_initterm_e
terminate
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
system
_seh_filter_exe
_set_app_type
_initterm
_get_initial_narrow_environment

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06f2e983f62b70f3822b541e94dfeff8

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

imm32

msvcp140

d3d9

ntdll

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 251KB - Virtual size: 251KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 7KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 251KB - Virtual size: 251KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 7KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB