release_JC[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

release_JC.zip
Size

1.6MB
MD5

3d854a29c35902e2ef8ad796f7b62108
SHA1

505c367ad2d74b1fad2ecb070705890b044f2e8a
SHA256

c619e92d516921b48efdddfc63bc752b1f920ebd005a0335a5e8bba56c8b7d16
SHA512

30d6a47495e83e667f4e570072b92495a47d377b3a220e62fc4ed943104af01e2fe42765982f915b9ecdd4c2dca78e0eb2b3635ab5199c472df38add95d2af78
SSDEEP

49152:qo3v9B2DH5IhuKQxXxOnAWULAqtIk1QTx9sNQ:qo/925GN+xObwAVk1asa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/mtk.exe

resource
unpack001/mtk.exe

Files

release_JC.zip
.zip
mtk.exe
.exe windows:6 windows x64

67369187d395d43495f72ffdf9b69f9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

NtCreateFile
RtlCaptureContext
RtlNtStatusToDosError
RtlLookupFunctionEntry
NtReadFile
RtlVirtualUnwind
NtWriteFile
NtDeviceIoControlFile
NtCancelIoFileEx

kernel32

GetCurrentProcessId
SetHandleInformation
TryAcquireSRWLockExclusive
GetCurrentProcess
DuplicateHandle
GetSystemInfo
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetConsoleWindow
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetFileInformationByHandle
GetConsoleMode
ReleaseSRWLockShared
AcquireSRWLockShared
TerminateProcess
OpenProcess
Process32NextW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
Process32FirstW
CreateToolhelp32Snapshot
FlushFileBuffers
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
AcquireSRWLockExclusive
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
FindNextFileW
CreateFileW
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
ReleaseSRWLockExclusive
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
CloseHandle
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
UnhandledExceptionFilter
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetSystemTimeAsFileTime
GetTempPathW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
CompareStringOrdinal

user32

GetForegroundWindow
GetWindowLongPtrW
FindWindowA
ShowWindow
SetForegroundWindow
SetWindowLongPtrW
GetSystemMenu
RemoveMenu

advapi32

SystemFunction036
GetUserNameW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ws2_32

getpeername
getsockname
send
WSASend
WSASocketW
setsockopt
WSAIoctl
closesocket
WSAStartup
connect
ioctlsocket
getsockopt
shutdown
WSAGetLastError
freeaddrinfo
recv
getaddrinfo
WSACleanup
bind

secur32

FreeCredentialsHandle
EncryptMessage
InitializeSecurityContextW
AcceptSecurityContext
FreeContextBuffer
DecryptMessage
ApplyControlToken
DeleteSecurityContext
QueryContextAttributesW
AcquireCredentialsHandleA

crypt32

CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertFreeCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateStore
CertFreeCertificateChain

bcrypt

BCryptGenRandom

vcruntime140

__C_specific_handler
__current_exception
__CxxFrameHandler3
memcmp
memcpy
_CxxThrowException
memset
memmove
__current_exception_context

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

terminate
_set_app_type
_seh_filter_exe
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
__p___argv
exit
_exit
_crt_atexit
__p___argc
_initialize_onexit_table

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mtk.exe.manifest

Sharing

General

Malware Config

Signatures

Files

67369187d395d43495f72ffdf9b69f9b

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

ws2_32

secur32

crypt32

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 15KB - Virtual size: 17KB

.pdata Size: 138KB - Virtual size: 137KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 15KB - Virtual size: 17KB

.pdata
Size: 138KB - Virtual size: 137KB

.reloc
Size: 21KB - Virtual size: 21KB