EGItiJ[.]pzr | Triage

Sharing

Copy URL Twitter E-mail

General

Target

EGItiJ.pzr
Size

2.6MB
MD5

dd43a3687e9cf6e9b80e3d3d7cc0820c
SHA1

cde50ec26aec87f687935db7096d8b0a0da49120
SHA256

2d03baffc58cd802375c3b5c454eb8a56164cdfc3b52232df4695fd1c065fc2d
SHA512

d23def6d5731ec4d923de7ab816a1bf54915fa9f9e87202938754b9249750200285b21581f9f8ee8836859882f06f3c1896c92cfe54e263e769f63379abd4361
SSDEEP

49152:k5vmgXP2MfOSjEnKjfHmzHn1aY6SlELfzgtbPTX7qAtK:kFfXPHNjNfHKHziLglPTX7F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
EGItiJ.pzr

Files

EGItiJ.pzr
.dll windows:5 windows x86

909015bb0ca35874a1743eab9c17bb78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetICMProfileA
AbortPath
CreateDiscardableBitmap
EqualRgn

msvcrt

putc
memset

psapi

GetModuleFileNameExA

winmm

joyGetPosEx
midiOutShortMsg

wintrust

CryptCATCDFEnumMembers

winspool.drv

EnumPrintProcessorDatatypesW

ws2_32

WSAGetLastError
select

rasapi32

RasSetEntryPropertiesW

oleaut32

GetRecordInfoFromGuids
SysAllocStringLen
SafeArrayCreate
VariantCopyInd
GetErrorInfo

version

VerFindFileW

setupapi

SetupDiGetDeviceRegistryPropertyA

kernel32

IsValidLocale
GetUserDefaultLCID
LoadLibraryExW
LoadLibraryA
GetModuleFileNameA
GlobalSize
UnregisterWait
GlobalMemoryStatus
GetProcessHeap
GetBinaryTypeW
GetModuleFileNameW
EnterCriticalSection
Process32FirstW
VirtualAlloc
SetStdHandle
InterlockedPushEntrySList
GetSystemTimeAsFileTime
GetVersionExA
SetSystemTime
WaitForSingleObject
CreateMailslotA
IsProcessorFeaturePresent

clusapi

ClusterRegOpenKey

advapi32

InitializeSecurityDescriptor
RegDisablePredefinedCache
RegCloseKey

lz32

GetExpandedNameW

shell32

SHAppBarMessage

user32

CheckMenuItem
CheckMenuRadioItem
CreateWindowExA
MonitorFromRect
ShowWindow
PostQuitMessage
SetLastErrorEx
GetUpdateRgn
WinHelpA

shlwapi

StrRChrW

crypt32

CryptEncodeObject

Exports

Exports

NnewnsrneaYap

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

909015bb0ca35874a1743eab9c17bb78

Headers

File Characteristics

Imports

gdi32

msvcrt

psapi

winmm

wintrust

winspool.drv

ws2_32

rasapi32

oleaut32

version

setupapi

kernel32

clusapi

advapi32

lz32

shell32

user32

shlwapi

crypt32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 104KB - Virtual size: 102KB

.crt0 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 56KB - Virtual size: 52KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 104KB - Virtual size: 102KB

.crt0
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 56KB - Virtual size: 52KB