2X(8)[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2X(8).zip
Size

1.4MB
MD5

cb21195e1b451ad29cb318c8863890de
SHA1

1ea227c05d2428e5fc153bb11a7bc82052436c2b
SHA256

d94ebbe11e23f2332e725d96cda95cc3616505967d58cbbbc04f40ac95b0433a
SHA512

af83130884156c5aab3bd11a80072570699609addb5f347e707a40fc6f2a6e25de32995eff9823baacd254b965c3e33f6b3d587b782e42cd6ca56b2431007056
SSDEEP

24576:kohoiHQMzye3NlpQmYuSMHLs+i/uzLRgc3FG91X2bvfC2xFThq7BjsbLK18efR5l:koaeQMz1b9orDqgc1G91Gb3TFT87l6K5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1.exe
unpack001/2.exe

Files

2X(8).zip
.zip

Password: infected
1.exe
.exe windows x64

4f2f006e2ecf7172ad368f8289dc96c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 638KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 297B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/65
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/78
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/90
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.exe
.exe windows x64

43a5a054bd9f1e36458cd13d4244dabc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtProtectVirtualMemory
NtAllocateVirtualMemory
NtQueueApcThread
NtWriteVirtualMemory
NtTestAlert
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shell32

DragFinish

comctl32

ord411
InitCommonControlsEx
ord412
ord413
ord410

gdi32

DeleteObject
SelectObject
CreateSolidBrush

kernel32

MultiByteToWideChar
WriteConsoleW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetLastError
FormatMessageW
AcquireSRWLockExclusive
GetModuleHandleW
GetTempPathW
GetTempFileNameW
CreateActCtxW
ActivateActCtx
LoadLibraryW
ReleaseSRWLockExclusive
CloseHandle
ReleaseMutex
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
Sleep
GetCurrentProcess
GetCurrentThread
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TryAcquireSRWLockExclusive
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
DeleteFileW
GetConsoleMode
GetFullPathNameW

ole32

CoInitialize

user32

GetCursorPos
EnumChildWindows
IsWindow
GetDC
ReleaseDC
ShowWindow
InvalidateRect
PostMessageW
SendMessageW
SetFocus
GetWindowLongPtrW
SetWindowLongPtrW
UpdateWindow
GetClientRect
AdjustWindowRectEx
SetWindowPos
GetWindowRect
GetParent
ScreenToClient
MonitorFromWindow
GetMonitorInfoW
DefWindowProcW
GetMenuItemCount
GetSubMenu
MessageBoxW
GetClassNameW
DestroyWindow
GetMenuItemID
DeleteMenu
DestroyMenu
SetParent
GetWindowTextLengthW
GetWindowTextW
GetMessageW
GetAncestor
IsDialogMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
LoadCursorW
RegisterClassExW
DrawTextW
FillRect

vcruntime140

_CxxThrowException
__current_exception
memmove
__current_exception_context
memcmp
__CxxFrameHandler3
memset
__C_specific_handler
memcpy

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_seh_filter_exe
_set_app_type
_configure_narrow_argv
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argv
__p___argc
_initialize_onexit_table
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4f2f006e2ecf7172ad368f8289dc96c1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 523KB - Virtual size: 522KB

.rdata Size: 638KB - Virtual size: 637KB

.data Size: 48KB - Virtual size: 396KB

.pdata Size: 15KB - Virtual size: 14KB

.xdata Size: 512B - Virtual size: 156B

/4 Size: 512B - Virtual size: 297B

/19 Size: 121KB - Virtual size: 120KB

/32 Size: 24KB - Virtual size: 23KB

/46 Size: 512B - Virtual size: 48B

/65 Size: 230KB - Virtual size: 229KB

/78 Size: 113KB - Virtual size: 113KB

/90 Size: 43KB - Virtual size: 43KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.symtab Size: 79KB - Virtual size: 79KB

43a5a054bd9f1e36458cd13d4244dabc

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shell32

comctl32

gdi32

kernel32

ole32

user32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 168KB - Virtual size: 167KB

.rdata Size: 307KB - Virtual size: 307KB

.data Size: 512B - Virtual size: 872B

.pdata Size: 7KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 523KB - Virtual size: 522KB

.rdata
Size: 638KB - Virtual size: 637KB

.data
Size: 48KB - Virtual size: 396KB

.pdata
Size: 15KB - Virtual size: 14KB

.xdata
Size: 512B - Virtual size: 156B

/4
Size: 512B - Virtual size: 297B

/19
Size: 121KB - Virtual size: 120KB

/32
Size: 24KB - Virtual size: 23KB

/46
Size: 512B - Virtual size: 48B

/65
Size: 230KB - Virtual size: 229KB

/78
Size: 113KB - Virtual size: 113KB

/90
Size: 43KB - Virtual size: 43KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

.symtab
Size: 79KB - Virtual size: 79KB

.text
Size: 168KB - Virtual size: 167KB

.rdata
Size: 307KB - Virtual size: 307KB

.data
Size: 512B - Virtual size: 872B

.pdata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB