R3nzSkin[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

R3nzSkin.zip
Size

505KB
MD5

d07fa21aa866323d6e498f63133e4e53
SHA1

485e92c0798565838140d0c64740b72e59e26ca8
SHA256

c94f60300b9abfc861be870f5da5a1a3d9f76610f9aef88f1d3622c49b673b9d
SHA512

e5aa8bbf95ce0b5aa2cf30dbaef3488a06b4acbf0dd44ca5d423a9a464db3e533cafb2884a73fb518f39abd5f2ff1e816e893c1694445c96b04d49ed5d4a6a75
SSDEEP

12288:vrSJ5JbWvvL5k3agnISODswsPIAd5mhYO4bH39wDRqBMcp15+IY8nGtsq8Be:jSPlWV+ISOgZnvm479wDRQtGl8Be

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/R3nzSkin.dll
unpack001/R3nzSkin_Injector.exe

Files

R3nzSkin.zip
.zip
R3nzSkin.dll
.dll windows x64

3e7fa87296ee65121939a06242639ba7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleW
VirtualQuery
DisableThreadLibraryCalls
GetCurrentThread
CloseHandle
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetProcAddress
IsValidCodePage
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapAlloc
HeapFree
GetConsoleMode
QueryPerformanceFrequency
GlobalUnlock
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
WideCharToMultiByte
GlobalLock
GlobalAlloc
GlobalFree
GetACP
MultiByteToWideChar
GetStdHandle
SetFilePointerEx
GetFileSizeEx
GetModuleFileNameW
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
Sleep
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
WakeAllConditionVariable
SleepConditionVariableSRW
GetSystemTimeAsFileTime
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
RtlUnwind

user32

CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard
CallWindowProcW
SetWindowLongPtrW
GetAsyncKeyState
SetWindowLongW
MessageBoxA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

Sections

.text
Size: 559KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin_Injector.exe
.exe windows x64

a18ee231b279007219fa9aa4e69d37dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Strcoll
_Strxfrm
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?id@?$collate@D@std@@2V0locale@2@A
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Query_perf_frequency
_Query_perf_counter
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@D@std@@QEBA_NFD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Xtime_get_ticks
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
_Thrd_sleep
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
realloc
free

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
_beginthreadex
abort
terminate

vcruntime140

__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
__FrameUnwindFilter
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
strchr
memmove

kernel32

Sleep
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

api-ms-win-crt-stdio-l1-1-0

fsetpos
fflush
setvbuf
fgetpos
_fseeki64
fread
fgetc
ungetc
fputc
fclose
fwrite
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

srand

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e7fa87296ee65121939a06242639ba7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

imm32

d3dcompiler_47

Sections

.text Size: 559KB - Virtual size: 558KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 25KB - Virtual size: 25KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 3KB - Virtual size: 2KB

a18ee231b279007219fa9aa4e69d37dd

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

vcruntime140

kernel32

advapi32

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

mscoree

Sections

.text Size: 73KB - Virtual size: 73KB

.nep Size: 1024B - Virtual size: 656B

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 512B - Virtual size: 168B

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 304B

.text
Size: 559KB - Virtual size: 558KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 25KB - Virtual size: 25KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 73KB - Virtual size: 73KB

.nep
Size: 1024B - Virtual size: 656B

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 512B - Virtual size: 168B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 304B