Desktop[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Desktop.rar
Size

3.0MB
MD5

2799a6587a1ea88c042c63e952f883f3
SHA1

43f5f2717fc65dc56dc92bc2fb485848949b92e8
SHA256

5c38c1460c5fe6323f67939e4081759856a046c296b301711928a4878fd7737e
SHA512

909df600c47b7e8c4dfa86e6701f2522b7b72296582fee5111eb8980538aab5b9f43672e454e157ab89e32bf9a2c01f191afacf2db9157380cbee508b2aa404c
SSDEEP

49152:brEMIhfcRls/821xYtAbDsLdfOD3hrtT15B7dwbWysD215QW6S3pXojN3LTsmrzw:nRsUUSAbECRBnCsDen3p6NbTskrY//v

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/final.dll
unpack001/sqlite3.dll

Files

Desktop.rar
.rar
dbl.log
dump.log
final.dll
.dll windows:6 windows x86

28d007b0687640464472d7d3c816554e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileType
EnterCriticalSection
GetACP
SetFilePointer
LocalFree
CloseHandle
VirtualProtectEx
TlsAlloc
GetTickCount
ReadProcessMemory
GetThreadContext
SetThreadContext
VirtualFree
GetFileSize
GetStartupInfoW
ExitProcess
GetFileAttributesW
SetCurrentDirectoryW
InitializeCriticalSection
VirtualAlloc
WriteProcessMemory
RtlUnwind
GetCPInfo
GetSystemInfo
GetCommandLineW
ResumeThread
GetProcAddress
LeaveCriticalSection
EnumSystemLocalesW
VirtualAllocEx
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
ReadFile
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
TlsFree
CreateProcessW
GetConsoleOutputCP
GetConsoleCP
SetLastError
GetModuleFileNameW
GetLastError
lstrlenW
CompareStringW
SetEndOfFile
WideCharToMultiByte
MultiByteToWideChar
FindClose
LoadLibraryA
ResetEvent
SetEvent
GetLocaleInfoW
CreateFileW
GetVersion
RaiseException
FormatMessageW
OpenProcess
SwitchToThread
GetLocalTime
WaitForSingleObject
WriteFile
DeleteCriticalSection
TlsGetValue
IsValidLocale
TlsSetValue
TerminateProcess
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
CreateEventW
GetThreadLocale
Sleep
SetThreadLocale

psapi

EnumProcesses

user32

CharUpperBuffW
CharNextW
CharLowerBuffW
LoadStringW
CharUpperW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

ntdll

NtUnmapViewOfSection

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sdk.log
sqlite3.dll
.dll windows:4 windows x86

596770193a7f877d586dad91b1eeebc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__setusermatherr
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_onexit
localtime
calloc
fprintf
free
fwrite
malloc
memcmp
memmove
qsort
realloc
strcmp
strcspn
strlen
strncmp
strrchr
_unlock
abort
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_fts3_may_be_corrupt
sqlite3_fts5_may_be_corrupt
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 611KB - Virtual size: 610KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 617B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28d007b0687640464472d7d3c816554e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

user32

oleaut32

advapi32

ntdll

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.itext Size: 58KB - Virtual size: 57KB

.data Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 23KB

.idata Size: 3KB - Virtual size: 2KB

.didata Size: 512B - Virtual size: 456B

.edata Size: 512B - Virtual size: 120B

.rdata Size: 512B - Virtual size: 69B

.reloc Size: 23KB - Virtual size: 22KB

.rsrc Size: 5KB - Virtual size: 5KB

596770193a7f877d586dad91b1eeebc1

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 611KB - Virtual size: 610KB

.data Size: 7KB - Virtual size: 6KB

.rdata Size: 73KB - Virtual size: 72KB

.bss Size: - Virtual size: 2KB

.edata Size: 8KB - Virtual size: 8KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 13KB

/4 Size: 1024B - Virtual size: 728B

/19 Size: 38KB - Virtual size: 38KB

/31 Size: 7KB - Virtual size: 6KB

/45 Size: 7KB - Virtual size: 6KB

/57 Size: 2KB - Virtual size: 2KB

/70 Size: 1024B - Virtual size: 617B

/81 Size: 7KB - Virtual size: 7KB

/92 Size: 1024B - Virtual size: 656B

.text
Size: 148KB - Virtual size: 147KB

.itext
Size: 58KB - Virtual size: 57KB

.data
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 3KB - Virtual size: 2KB

.didata
Size: 512B - Virtual size: 456B

.edata
Size: 512B - Virtual size: 120B

.rdata
Size: 512B - Virtual size: 69B

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 5KB - Virtual size: 5KB

.text
Size: 611KB - Virtual size: 610KB

.data
Size: 7KB - Virtual size: 6KB

.rdata
Size: 73KB - Virtual size: 72KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 8KB - Virtual size: 8KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB

/4
Size: 1024B - Virtual size: 728B

/19
Size: 38KB - Virtual size: 38KB

/31
Size: 7KB - Virtual size: 6KB

/45
Size: 7KB - Virtual size: 6KB

/57
Size: 2KB - Virtual size: 2KB

/70
Size: 1024B - Virtual size: 617B

/81
Size: 7KB - Virtual size: 7KB

/92
Size: 1024B - Virtual size: 656B