428cdbcf3daad28eb4e1fe6ccf2e8aa3715690f9b928110ac4b6d5d8471a58f6[.]zip[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

428cdbcf3daad28eb4e1fe6ccf2e8aa3715690f9b928110ac4b6d5d8471a58f6.zip.zip
Size

3.2MB
MD5

f7fe3cfe4be33178550a648398182183
SHA1

d2ff1da83209131e03aa8e5e9724ebd5306e9418
SHA256

bcbbd9a0d217875c61ad82fc9b1820a423ec63833661a75a1fb934103f49d5cd
SHA512

b9d9010cc3846ed3faf2c6076b2f6c713abd3226f2dce54eed210f0d099296e739cd33638a3fc8664a27a0f34ab2515b63a9b00ae9b59622d31fb9016da2e1cb
SSDEEP

98304:UJCYlpoBXq4xYXJJwpDm7i45bhyR3QziecNt2hnW+t8:UAoKDYfwpCpbEOzivGVW+t8

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack002/SD_WinWS.dll
unpack002/eaf.exe
unpack002/websocket-sharp.dll

Files

428cdbcf3daad28eb4e1fe6ccf2e8aa3715690f9b928110ac4b6d5d8471a58f6.zip.zip
.zip

Password: infected
428cdbcf3daad28eb4e1fe6ccf2e8aa3715690f9b928110ac4b6d5d8471a58f6.zip
.zip
SD_WinWS.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

RegisterCallbacks
SD_WinWS_Connect
SD_WinWS_Disconnect
SD_WinWS_Send
SD_WinWS_SendBinary

Sections

.text
Size: 924KB - Virtual size: 924KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 213B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
data.win
eaf.exe
.exe windows:6 windows x86

c17b24cb8326c8001ecfcf47c81faba4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCanonicalizeUrlA
InternetWriteFile
InternetConnectA
InternetCrackUrlA
HttpEndRequestW
HttpQueryInfoA
InternetGetConnectedState

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

dbghelp

MiniDumpWriteDump
SymInitialize
SymFromAddr

winmm

mciSendStringA
joyGetPosEx
joyGetPos
joyGetDevCapsA
mciGetErrorStringA

ws2_32

gethostname
socket
shutdown
setsockopt
send
recvfrom
recv
listen
inet_ntoa
inet_addr
WSAStartup
ioctlsocket
connect
closesocket
bind
accept
getpeername
select
__WSAFDIsSet
ntohs
ntohl
htons
htonl
WSACleanup
WSAGetLastError
WSAAddressToStringA
getaddrinfo
getsockopt
freeaddrinfo
sendto

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

FindFirstFileExA
GetFullPathNameA
SetCurrentDirectoryW
HeapReAlloc
GetTimeZoneInformation
MoveFileExW
SetFilePointerEx
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
DecodePointer
EncodePointer
GetStringTypeW
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
PeekNamedPipe
GetFileType
GetDriveTypeW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
ReadFile
SetFileAttributesW
GetFileAttributesExW
GetModuleHandleExW
HeapWalk
HeapValidate
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
FindNextFileA
IsValidCodePage
InitializeSListHead
GetSystemTimeAsFileTime
RaiseException
GetStartupInfoW
GetProcAddress
LoadLibraryW
WideCharToMultiByte
CloseHandle
WaitForSingleObjectEx
CreateEventExW
OutputDebugStringA
MultiByteToWideChar
GetConsoleWindow
GetLastError
GetOEMCP
DeleteFileW
GetFullPathNameW
SetLastError
CreateThread
GetExitCodeThread
GetModuleHandleW
LocalFree
FormatMessageW
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetEnvironmentVariableW
CreateDirectoryW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
Sleep
GetExitCodeProcess
CreateProcessW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
GetTickCount
CreateWaitableTimerW
GetCurrentProcess
GetCurrentThread
SetThreadPriority
SetPriorityClass
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
ExitProcess
lstrlenA
GetCommandLineW
ExpandEnvironmentStringsW
CreateFileW
SetUnhandledExceptionFilter
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
MoveFileA
LeaveCriticalSection
EnterCriticalSection
RtlCaptureStackBackTrace
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringW
WriteConsoleW
SetEndOfFile
GetCurrentDirectoryW
HeapSize
InitializeCriticalSectionAndSpinCount

user32

GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
DrawTextW
GetDC
ReleaseDC
SetWindowTextW
ScreenToClient
MoveWindow
SetCursorPos
ClientToScreen
MapWindowPoints
GetActiveWindow
GetCursorPos
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
GetAsyncKeyState
keybd_event
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
EndDialog
SetWindowTextA
MessageBoxA
SetDlgItemTextA
PeekMessageW
IsDialogMessageW
SetProcessDPIAware
GetForegroundWindow
UpdateWindow
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
LoadCursorW
CallNextHookEx
SetCursor
AdjustWindowRectEx
GetWindowRect
GetClientRect
SetForegroundWindow
GetSystemMetrics
ReleaseCapture
SetCapture
GetKeyState
SetFocus
DialogBoxParamW
CreateDialogParamW
GetFocus
BringWindowToTop
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
MessageBoxW
GetRawInputDeviceList
GetRawInputDeviceInfoA
LoadImageW

gdi32

GetDeviceCaps
DeleteObject
SelectObject
CreateFontA

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoCreateFreeThreadedMarshaler

dwmapi

DwmGetCompositionTimingInfo

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 921KB - Virtual size: 921KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 553KB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

minATL
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mydata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
options.ini
websocket-sharp.dll
.dll windows:4 windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Exports

Exports

Sections

.text Size: 924KB - Virtual size: 924KB

.sdata Size: 512B - Virtual size: 213B

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 20B

c17b24cb8326c8001ecfcf47c81faba4

Headers

DLL Characteristics

File Characteristics

Imports

wininet

dxgi

d3d11

dbghelp

winmm

ws2_32

gdiplus

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dwmapi

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 921KB - Virtual size: 921KB

.data Size: 553KB - Virtual size: 2.9MB

minATL Size: 512B - Virtual size: 12B

.mydata Size: 512B - Virtual size: 8B

.gfids Size: 512B - Virtual size: 368B

_RDATA Size: 2KB - Virtual size: 1KB

.rsrc Size: 173KB - Virtual size: 172KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 246KB - Virtual size: 245KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 924KB - Virtual size: 924KB

.sdata
Size: 512B - Virtual size: 213B

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 20B

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 921KB - Virtual size: 921KB

.data
Size: 553KB - Virtual size: 2.9MB

minATL
Size: 512B - Virtual size: 12B

.mydata
Size: 512B - Virtual size: 8B

.gfids
Size: 512B - Virtual size: 368B

_RDATA
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 173KB - Virtual size: 172KB

.text
Size: 246KB - Virtual size: 245KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B