Static task
static1
Behavioral task
behavioral1
Sample
C/Users/justin.saunders/Desktop/AcronisCyberProtect_AgentForWindows_web (1).exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
C/Users/justin.saunders/Desktop/AcronisCyberProtect_AgentForWindows_web (1).exe
Resource
win10v2004-20230703-en
General
Target: IDGLDNVLLYRS02_2023-08-22_01_29_24.044.zip
Size: 8.2MB
MD5: 609416536f8157d57f639abfe8c68b5e
SHA1: 438247079a2d925285969d0d8624fcfdc44ab5e1
SHA256: f514195cf41e4b99d77d9d2f7ee592ca0308045c9c9f7de4edf2d45f6a273e5b
SHA512: 19b291b5a093d1be383a10c0f36ad511954e876c23dbfb162a91e2a2df4384a6d9672b43db8436de359318723f8940d2e4323b42a139aa0f833795be98a7f404
SSDEEP: 196608:Lu4xKO00zZCnILgxYm3JYCtlmaAZnBLSfRqLv8y4:TKyzZ6lxYwlmaAZBBJ4
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/C/Users/justin.saunders/Desktop/AcronisCyberProtect_AgentForWindows_web (1).exe
Files
IDGLDNVLLYRS02_2023-08-22_01_29_24.044.zip.zip (Password: Malware123)
C/Users/justin.saunders/Desktop/AcronisCyberProtect_AgentForWindows_web (1).exe.exe, windows x86 (Password: Malware123)
0e4793166910c570b3ac9c2558edb28f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
dbghelp
ImageNtHeader
gdiplus
GdipCreateMatrix
GdipMeasureString
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCloneBrush
GdipDeleteBrush
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipSetStringFormatAlign
GdipGetStringFormatAlign
GdipCreatePen1
GdipDeletePen
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDrawRectangleI
GdipDrawImagePointRectI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDrawLineI
GdipLoadImageFromStream
GdipFillPath
GdipDrawPath
GdipGetSmoothingMode
GdipSetSmoothingMode
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipResetClip
GdipSetClipRect
GdipResetWorldTransform
GdipSetWorldTransform
GdipTranslateMatrix
GdipDeleteMatrix
GdipDrawString
GdipSetImageAttributesRemapTable
GdipCreateStringFormat
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipGetCellDescent
GdipGetEmHeight
GdipGetStringFormatLineAlign
GdipSetStringFormatLineAlign
GdipFillRegion
GdipDeleteRegion
GdipCreateRegionHrgn
GdipDrawImageRectRectI
GdipGetImageHeight
GdipGetImageWidth
GdiplusShutdown
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
advapi32
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
SetNamedSecurityInfoW
StartServiceW
QueryServiceStatusEx
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumDependentServicesW
DeleteService
CreateServiceW
ControlService
ChangeServiceConfig2W
ChangeServiceConfigW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
EqualSid
AllocateAndInitializeSid
FreeSid
LogonUserW
CheckTokenMembership
RegOpenKeyExA
InitiateSystemShutdownW
OpenProcessToken
OpenThreadToken
GetTokenInformation
AdjustTokenPrivileges
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountSidW
LookupAccountNameW
LookupPrivilegeValueA
GetFileSecurityW
GetExplicitEntriesFromAclW
GetUserNameA
GetUserNameW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegEnumValueW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyA
RegSetKeySecurity
SetSecurityInfo
CloseServiceHandle
CreateProcessAsUserW
CreateProcessWithLogonW
DuplicateTokenEx
RevertToSelf
ImpersonateLoggedOnUser
EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
OpenEncryptedFileRawW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
CloseEncryptedFileRaw
SetThreadToken
kernel32
GlobalUnlock
GetModuleHandleA
Sleep
GetEnvironmentVariableW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryA
LoadLibraryExW
GetModuleFileNameW
FindResourceW
MultiByteToWideChar
LocalFree
FormatMessageW
FlushInstructionCache
GetCurrentProcess
SetLastError
SetThreadExecutionState
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetSystemDirectoryW
CreateFileW
SetErrorMode
LoadLibraryExA
GetVersion
GetShortPathNameA
GetSystemInfo
CreateProcessA
GetWindowsDirectoryA
RemoveDirectoryA
RemoveDirectoryW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
MoveFileExW
GetComputerNameExW
GetVersionExA
LocalAlloc
GetCurrentThread
GetShortPathNameW
FormatMessageA
GetLogicalDriveStringsA
GetLogicalDriveStringsW
LoadLibraryW
GetModuleFileNameA
CreateProcessW
GetStartupInfoA
GetStartupInfoW
GetEnvironmentVariableA
SetEnvironmentVariableA
SetEnvironmentVariableW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
OutputDebugStringA
OutputDebugStringW
GetDriveTypeA
GetDriveTypeW
GetSystemDirectoryA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GlobalLock
CreateDirectoryA
CreateDirectoryW
GetFullPathNameA
GetFullPathNameW
CreateFileA
SetFileAttributesA
SetFileAttributesW
GetFileAttributesA
GetFileAttributesW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CopyFileA
CopyFileW
GetComputerNameA
GetComputerNameW
SetComputerNameA
SetComputerNameW
WideCharToMultiByte
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
GetNumberFormatA
GetNumberFormatW
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
GetLogicalDrives
GetDiskFreeSpaceExW
TerminateProcess
GetExitCodeProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
WaitForSingleObject
GetFileType
GetStdHandle
DuplicateHandle
SetHandleInformation
CreatePipe
WriteFile
ReadFile
IsDebuggerPresent
DebugBreak
SetEvent
ResetEvent
WaitForMultipleObjects
CreateEventA
InitializeCriticalSection
SetThreadPriority
GetThreadPriority
TerminateThread
GetCurrentProcessId
GetTickCount
LCMapStringA
LCMapStringW
GetFileInformationByHandle
DeviceIoControl
GetProcessWorkingSetSize
SetProcessWorkingSetSize
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileTime
GetDiskFreeSpaceW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
CompareStringW
FindNextChangeNotification
FindCloseChangeNotification
GetFileTime
BackupRead
BackupSeek
BackupWrite
GetFileAttributesExW
LockResource
ExitThread
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLongPathNameW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
CreateThread
CancelIo
GetLocalTime
SystemTimeToFileTime
FindClose
FileTimeToLocalFileTime
GetUserDefaultUILanguage
AreFileApisANSI
GetSystemTime
GetDiskFreeSpaceA
CreateFileMappingA
HeapValidate
HeapCreate
GetVersionExW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
QueryPerformanceCounter
HeapCompact
CreateMutexW
GetFileSize
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VerifyVersionInfoA
MulDiv
GlobalFree
EncodePointer
RtlUnwind
CreateTimerQueue
IsProcessorFeaturePresent
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
GlobalAlloc
ResumeThread
SuspendThread
VerifyVersionInfoW
GetModuleHandleW
SignalObjectAndWait
SwitchToThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCPInfo
ExitProcess
GetModuleHandleExW
SetFilePointerEx
SetStdHandle
PeekNamedPipe
FileTimeToSystemTime
GetConsoleMode
ReadConsoleW
GetACP
GetConsoleCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
CreateSemaphoreW
IsValidCodePage
GetOEMCP
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
UnregisterWaitEx
VirtualAlloc
VirtualFree
VirtualProtect
GetStringTypeW
GetProcAddress
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
lstrlenA
CreateSemaphoreA
GetThreadLocale
QueryPerformanceFrequency
CompareFileTime
SleepEx
GetCommandLineW
GetCurrentDirectoryW
user32
DispatchMessageW
DispatchMessageA
wsprintfW
wvsprintfW
GetUserObjectInformationA
GetProcessWindowStation
GetDesktopWindow
SwitchToThisWindow
GetActiveWindow
GetDlgCtrlID
IsWindowVisible
EnableWindow
ReleaseDC
GetDC
GetSystemMetrics
DialogBoxParamW
SetWindowTextW
IsWindow
CharNextW
DestroyWindow
GetClassNameA
SetParent
GetWindowRect
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
ReleaseCapture
SetWindowLongA
GetFocus
SetFocus
GetDlgItem
EndDialog
SetWindowPos
ShowWindow
PostMessageW
MessageBoxExW
KillTimer
SetTimer
EnumWindows
GetWindowTextLengthW
PeekMessageA
SetForegroundWindow
keybd_event
PeekMessageW
SendMessageA
SendNotifyMessageA
SendNotifyMessageW
PostMessageA
DefWindowProcA
RegisterClassExA
CreateDialogIndirectParamA
CreateDialogIndirectParamW
RegisterClipboardFormatA
RegisterClipboardFormatW
GetClipboardFormatNameA
GetClipboardFormatNameW
VkKeyScanA
VkKeyScanW
WinHelpA
LoadIconW
LoadCursorW
SetWindowLongW
GetWindowLongW
CreateWindowExW
RegisterClassExW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SendMessageW
DefWindowProcW
UnregisterClassW
IsCharAlphaNumericW
VkKeyScanExA
FillRect
ScreenToClient
GetCursorPos
SetCursor
CallWindowProcW
IntersectRect
RedrawWindow
GetClassInfoExW
UpdateLayeredWindow
GetScrollInfo
SetWindowRgn
IsWindowEnabled
CreateWindowExA
TranslateMessage
GetMessageA
CharUpperBuffW
MessageBoxA
SystemParametersInfoW
SystemParametersInfoA
VkKeyScanExW
AppendMenuA
AppendMenuW
ModifyMenuA
ModifyMenuW
SetWindowTextA
GetWindowTextW
GetWindowLongA
SetCapture
WinHelpW
LoadImageW
gdi32
CreateRoundRectRgn
CreateSolidBrush
SetViewportOrgEx
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectA
SetTextColor
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetObjectW
TextOutW
CreateFontIndirectW
EnumFontFamiliesExA
EnumFontFamiliesExW
GetTextMetricsA
GetTextMetricsW
GetDeviceCaps
DPtoLP
CreateRectRgn
BitBlt
comctl32
InitCommonControlsEx
ws2_32
ntohl
gethostbyname
gethostname
WSAIoctl
WSASetLastError
WSAEventSelect
WSAEnumNetworkEvents
WSAStartup
WSACleanup
bind
closesocket
ioctlsocket
htonl
htons
inet_addr
recv
sendto
socket
WSAGetLastError
WSAGetOverlappedResult
getpeername
getsockname
ntohs
setsockopt
getaddrinfo
freeaddrinfo
getnameinfo
__WSAFDIsSet
connect
select
shutdown
WSARecv
WSASend
WSACloseEvent
WSACreateEvent
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
send
accept
getsockopt
listen
recvfrom
shell32
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteA
ShellExecuteW
ShellExecuteExA
ShellExecuteExW
SHGetFolderPathA
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
SHGetPathFromIDListA
SHGetFileInfoA
Shell_NotifyIconA
comdlg32
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
ole32
CreateStreamOnHGlobal
ReleaseStgMedium
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
OleUninitialize
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
OleRun
oleaut32
SafeArrayGetDim
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCat
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysFreeString
shlwapi
PathCanonicalizeW
PathGetCharTypeW
PathGetDriveNumberW
PathIsDirectoryW
PathSearchAndQualifyW
PathAppendW
Sections
.text: Size 8.2MB, Virtual size 8.2MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata: Size 2.6MB, Virtual size 2.6MB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data: Size 384KB, Virtual size 609KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls: Size 512B, Virtual size 2B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc: Size 552KB, Virtual size 551KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc: Size 526KB, Virtual size 526KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
manifest.json