Static task: static1
Behavioral task: behavioral1
  Sample: ISBEtdWinNut.exe
  Resource: win7-20230824-en
Behavioral task: behavioral2
  Sample: ISBEtdWinNut.exe
  Resource: win10v2004-20230703-en
General
Target: ISBEtdWinNut.exe.zip
Size: 1.1MB
MD5: 13edada419892fce83b9b3b333dc0827
SHA1: b4076ff22698cdba8761c66f5527fa95980b2cc3
SHA256: 22cc04723018b45fcbdf92792973e3d1d2dbc270c6ba3dafbb77c4a2f44347b7
SHA512: d6a78b306249f9c7a953af1c1dc8847df5a2ea3ef8689437b65211f0ffff26d49014a67e1078520342c693a75400305e76b13a5df6eb5ec9b7e02dc04bb918fd
SSDEEP: 24576:ve9qXAbloX1lpVatgs0Ye4U7Hm37A2kgsK5rw55l:m9TbeNVaOsHUSrZkg3w53
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource unpack001/ISBEtdWinNut.exe
Files
ISBEtdWinNut.exe.zip.zip (Password: infected)
ISBEtdWinNut.exe.exe (windows x64) daf19c5a3e6ac7194295f62c771cb083
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
opengl32
glTranslated
glRotated
glPushMatrix
glPopMatrix
kernel32
RtlCaptureContext
GetSystemTimeAsFileTime
ExitProcess
HeapReAlloc
HeapSize
HeapQueryInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
RtlLookupFunctionEntry
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStartupInfoW
GetFileTime
GetFileSizeEx
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
GetSystemDirectoryW
lstrlenA
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
RtlVirtualUnwind
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
GlobalGetAtomNameW
WritePrivateProfileStringW
FreeResource
GetCurrentThreadId
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleA
MulDiv
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcess
OpenProcess
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetTickCount
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
LoadLibraryA
GetThreadLocale
CreateFileW
GetVersionExW
FreeLibrary
GetLocalTime
FormatMessageW
LocalFree
CopyFileW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
GlobalFree
CreateThread
CreateMutexW
OpenMutexW
CloseHandle
ReleaseMutex
WaitForSingleObject
MoveFileW
SetFileAttributesW
WideCharToMultiByte
GlobalAddAtomW
GetFileAttributesW
Sleep
GetModuleFileNameW
Beep
GetLastError
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlPcToFileHeader
RaiseException
LeaveCriticalSection
RtlUnwindEx
SetHandleCount
user32
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
ShowOwnedPopups
WindowFromPoint
SetParent
GetSystemMenu
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
TranslateAcceleratorW
IsZoomed
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
GetMessageW
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
MoveWindow
IsDialogMessageW
IsDlgButtonChecked
CheckDlgButton
LoadMenuW
GetDesktopWindow
GetActiveWindow
CreateDialogIndirectParamW
EndDialog
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
UnregisterClassW
GetClassInfoExW
GetClassInfoW
AdjustWindowRectEx
GetParent
EqualRect
DeferWindowPos
GetDlgCtrlID
CallWindowProcW
GetMenu
GetWindowLongW
SystemParametersInfoA
IsIconic
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
GetMenuState
GetMenuItemID
GetSubMenu
EnumWindows
GetWindowThreadProcessId
SetRectEmpty
WaitForInputIdle
RegisterClassW
DefWindowProcW
GetWindow
GetKeyState
PeekMessageW
DispatchMessageW
BringWindowToTop
TranslateMessage
EnumThreadWindows
GetForegroundWindow
FlashWindow
GetWindowTextLengthW
GetWindowPlacement
SetWindowPlacement
MessageBoxW
SetWindowTextW
CreateWindowExW
LoadBitmapW
IntersectRect
GetWindowDC
DestroyWindow
DrawTextW
GetCursor
UpdateWindow
SetCursor
AllowSetForegroundWindow
DrawMenuBar
DeleteMenu
GetDCEx
LockWindowUpdate
PostThreadMessageW
CharUpperW
GetMenuItemCount
AppendMenuW
CreatePopupMenu
GetWindowTextW
InvalidateRect
SetForegroundWindow
ClientToScreen
CharNextW
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
PtInRect
ShowWindow
SetWindowPos
DestroyIcon
IsChild
GetNextDlgTabItem
GetWindowLongPtrW
IsWindowEnabled
SetFocus
InflateRect
PostMessageW
KillTimer
SetTimer
LoadIconW
SendMessageW
GetWindowRect
GetFocus
SetRect
RegisterWindowMessageW
GetSystemMetrics
ReleaseCapture
GetCursorPos
OffsetRect
IsRectEmpty
GetSysColor
EnableWindow
CopyRect
LoadCursorW
IsWindow
SetCapture
RedrawWindow
IsWindowVisible
ReleaseDC
GetDC
ScreenToClient
GetClientRect
SetWindowLongW
gdi32
ExtSelectClipRgn
CreatePatternBrush
CreateHatchBrush
CreateRectRgnIndirect
CreateFontIndirectW
GetMapMode
GetClipBox
GetTextExtentPoint32W
GetCharWidthW
CreateFontW
GetBkColor
GetTextColor
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
IntersectClipRect
SetMapMode
GetObjectW
StretchDIBits
CreateCompatibleDC
GetDeviceCaps
SelectObject
DeleteDC
BitBlt
DeleteObject
PatBlt
SetBkMode
SetTextColor
GetTextMetricsW
SetRectRgn
CreateSolidBrush
RestoreDC
SaveDC
CreateCompatibleBitmap
CombineRgn
Ellipse
SetBkColor
ExtTextOutW
GetPixel
GetStockObject
CreateBitmap
MoveToEx
LineTo
GetRgnBox
Polygon
SetTextAlign
TextOutW
CreateBrushIndirect
CreatePen
EndPage
EndDoc
AbortDoc
ExcludeClipRect
comdlg32
GetFileTitleW
winspool.drv
ClosePrinter
OpenPrinterW
DocumentPropertiesW
advapi32
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
SetSecurityInfo
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyW
shell32
DragFinish
DragQueryFileW
comctl32
InitCommonControlsEx
shlwapi
PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
oledlg
OleUIBusyW
ole32
OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleFlushClipboard
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
StringFromCLSID
CoTaskMemFree
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
oleaut32
OleCreateFontIndirect
SafeArrayDestroy
SysFreeString
SysAllocStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
VariantCopy
SysStringLen
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text  Size: 2.0MB - Virtual size: 2.0MB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 893KB - Virtual size: 893KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 103KB - Virtual size: 346KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata Size: 160KB - Virtual size: 159KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
text   Size: 2KB - Virtual size: 2KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE
.rsrc  Size: 209KB - Virtual size: 208KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ