th19[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

th19.zip
Size

650.0MB
MD5

308fe358de60f3ade752d255b0d42ab8
SHA1

eb27730415252e2d39bc25f7ec33d1c72b1a7d17
SHA256

137701bdf5420a52c98aee90617f5dc61ffc0b399c1698f5cf50feb23046ca1c
SHA512

4cad089d0ad1b0013d9f5097c2f8dfd27f66f245d8b2ad3e2e6e5db2a997dc2ea0494c863195bade1addc188815802d13b5e0ac22dd9f54a044561d7142331f6
SSDEEP

12582912:m/kI2aAg4Cbf//R0zAHkeGdszoS036X14sZvyZm:MXbf//ZvzoU4ivAm

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/New folder/custom.exe
unpack001/New folder/th19.exe

Files

th19.zip
.zip
New folder/custom.exe
.exe windows x86

c6458a6431b13271a0e918922a5a1f5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
CreateFileA
GetFileSize
ReadFile
WriteFile
CloseHandle
GetLastError
LocalFree
FormatMessageA
GetUserDefaultLCID
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
DecodePointer

user32

SetTimer
IsDlgButtonChecked
MessageBoxA
EndDialog
DialogBoxParamA
SendMessageA
GetDlgItem
KillTimer

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
New folder/omake.txt
New folder/readme.txt
New folder/th19.dat
New folder/th19.exe
.exe windows x86

01962ab9b560fcd4cdacc6c109527a78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

joyGetPosEx
timeGetTime
timeEndPeriod
joyGetDevCapsW
timeBeginPeriod

kernel32

CreateMutexW
GetLastError
GetConsoleTitleW
GetStartupInfoW
GetUserDefaultLCID
CreateEventW
CreateThread
CreateFileW
SetFilePointer
CloseHandle
ReadFile
WaitForSingleObject
GetFileSize
FormatMessageW
LocalFree
WriteFile
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
GetCurrentDirectoryW
OutputDebugStringW
GetLocalTime
GetCurrentThreadId
GetModuleFileNameW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetLocaleInfoEx
FormatMessageA
GetProcAddress
GetModuleHandleW
GetEnvironmentVariableW
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DecodePointer
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleOutputCP
AreFileApisANSI
SetUnhandledExceptionFilter
GetCurrentProcess
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetTimeZoneInformation
GetFileType
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
GetStdHandle
ExitProcess
GetCPInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SetEnvironmentVariableW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
SetLastError
RaiseException
InterlockedPushEntrySList
RtlUnwind
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
FindNextFileW
FindFirstFileExW
FindClose
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
CreateDirectoryW
SetCurrentDirectoryW
TerminateProcess

user32

ShowCursor
SetCursor
ReleaseDC
TranslateMessage
DispatchMessageW
GetWindowRect
SetWindowLongW
WINNLSEnableIME
GetDC
PeekMessageW
ShowWindow
MessageBoxW
MsgWaitForMultipleObjects
PostThreadMessageW
KillTimer
SetTimer
SetKeyboardState
GetKeyboardState
CheckRadioButton
IsDialogMessageW
EnableWindow
CreateDialogParamW
IsDlgButtonChecked
GetDlgItem
SendMessageW
SetForegroundWindow
AdjustWindowRectEx
CreateWindowExW
RegisterClassW
EnumDisplaySettingsW
SystemParametersInfoW
DefWindowProcW
LoadCursorW
DestroyWindow
MoveWindow
GetSystemMetrics
SetWindowPos

gdi32

GetDeviceCaps
GetStockObject
TextOutW
EnumFontFamiliesExW
SetTextColor
SetBkMode
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
DeleteObject
CreateFontW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantInit

dinput8

DirectInput8Create

dsound

ord11

d3d9

Direct3DCreate9

d3dx9_43

D3DXMatrixTranslation
D3DXLoadSurfaceFromSurface
D3DXLoadSurfaceFromFileInMemory
D3DXVec3Transform
D3DXMatrixRotationZ
D3DXMatrixLookAtLH
D3DXMatrixMultiply
D3DXMatrixRotationX
D3DXVec3Project
D3DXLoadSurfaceFromMemory
D3DXCreateTexture
D3DXVec3ProjectArray
D3DXMatrixRotationY
D3DXMatrixPerspectiveFovLH

xinput1_4

ord2

ws2_32

setsockopt
send
recv
ntohs
select
__WSAFDIsSet
inet_ntop
htonl
ntohl
getaddrinfo
freeaddrinfo
inet_pton
bind
closesocket
WSAGetLastError
WSACleanup
WSAStartup
socket
sendto
recvfrom
getsockname
ioctlsocket
connect
htons

bcrypt

BCryptDecrypt
BCryptCloseAlgorithmProvider
BCryptDestroyKey
BCryptGenRandom
BCryptSetProperty
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptOpenAlgorithmProvider

winhttp

WinHttpWebSocketClose
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpSetOption
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpWebSocketCompleteUpgrade
WinHttpWebSocketSend
WinHttpWebSocketReceive

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 473KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder/thbgm.dat

Sharing

General

Malware Config

Signatures

Files

c6458a6431b13271a0e918922a5a1f5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 52KB - Virtual size: 52KB

01962ab9b560fcd4cdacc6c109527a78

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

ole32

oleaut32

dinput8

dsound

d3d9

d3dx9_43

xinput1_4

ws2_32

bcrypt

winhttp

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 254KB - Virtual size: 253KB

.data Size: 56KB - Virtual size: 473KB

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 84KB - Virtual size: 83KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 52KB - Virtual size: 52KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 254KB - Virtual size: 253KB

.data
Size: 56KB - Virtual size: 473KB

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 84KB - Virtual size: 83KB