General

  • Target

    6a2981eebe72361fff9f6161d582b7554d04fa0dc691a0d5b85a096910c481cb.zip.zip

  • Size

    24.0MB

  • MD5

    257ae3d80ade134abd831fceabe5b88e

  • SHA1

    852f42ebc1dc54292ccdbff92edfbd90dc176299

  • SHA256

    613850531c1be81e10bac5cf8438b48612444ad084b931d707ce5786d574986b

  • SHA512

    06ef4105b40d26ea9306179d7720f00967db74375855c9e1bff0f608cab32c8e4121efc93c0c5a2fef1e44eab8c1622e37e2b0c794d4040aba15c9d90d441901

  • SSDEEP

    393216:1u4JG3pPQlAcge9tyyY64beEkJ0EpE3279U1McxqgNQ24orfBo6rTd2Sik:BGhQl5g4FYPypE32ZeMYqexo0Td2A

Score
3/10

Signatures

  • Unsigned PE (48 IoCs)

    Checks for missing Authenticode signature.

Files

  • 6a2981eebe72361fff9f6161d582b7554d04fa0dc691a0d5b85a096910c481cb.zip.zip
    .zip

    Password: infected

  • 6a2981eebe72361fff9f6161d582b7554d04fa0dc691a0d5b85a096910c481cb.zip
    .zip
  • AWSSDK.Core.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • AWSSDK.SecurityToken.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Agent.deps.json
  • Agent.dll
    .exe windows:4 windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Agent.exe
    .exe windows:6 windows x64

    6dbf27f4c70fe2c8ed3e0122ba75d641


    Headers

    Imports

    Sections

  • Agent.runtimeconfig.json
  • AudioSwitcher.AudioApi.CoreAudio.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • AudioSwitcher.AudioApi.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Core.Logger.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • DnsClient.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • EmbedIO.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • EmbedIO.xml
    .xml
  • GpuLoadWatcher.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • GpuLoadWatcher.pdb
  • GpuProcessInfo.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • GpuProcessInfo.pdb
  • HTTPProtorol.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • HTTPProtorol.dll.config
  • HTTPProtorol.pdb
  • HidSharp.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • JsonFlatFileDataStore.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • JsonFlatFileDataStore.xml
    .xml
  • LibreHardwareMonitorLib.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Logger.Serilog.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Logger.Serilog.pdb
  • Microsoft.AspNetCore.Authentication.JwtBearer.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.AspNetCore.JsonPatch.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.AspNetCore.Mvc.NewtonsoftJson.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.Bcl.AsyncInterfaces.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.Bcl.HashCode.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.EntityFrameworkCore.Abstractions.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.EntityFrameworkCore.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.Extensions.DependencyModel.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.IdentityModel.JsonWebTokens.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.IdentityModel.Logging.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.IdentityModel.Protocols.OpenIdConnect.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.IdentityModel.Protocols.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.IdentityModel.Tokens.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.OpenApi.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Microsoft.Win32.SystemEvents.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • MongoDB.Bson.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • MongoDB.Driver.Core.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • MongoDB.Driver.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • MongoDB.Libmongocrypt.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • NAudio.Asio.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • NAudio.Core.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • NAudio.Midi.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • NAudio.Wasapi.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • NAudio.WinMM.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • NAudio.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Newtonsoft.Json.Bson.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Newtonsoft.Json.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • OpenVR.API.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • OpenVR.API.dll.config
  • OpenVR.API.pdb
  • Sentry.Serilog.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Sentry.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.AspNetCore.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Extensions.Hosting.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Extensions.Logging.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Formatting.Compact.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Settings.Configuration.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Sinks.Console.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Sinks.Debug.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Sinks.File.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Sinks.MongoDB.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.Sinks.PeriodicBatching.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Serilog.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • SharpCompress.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Snappier.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Swan.AspNetCore.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Swan.Lite.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Swashbuckle.AspNetCore.Swagger.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Swashbuckle.AspNetCore.SwaggerGen.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • Swashbuckle.AspNetCore.SwaggerUI.dll
    .dll .js windows:4 windows x86
  • System.CodeDom.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Configuration.ConfigurationManager.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Diagnostics.PerformanceCounter.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Drawing.Common.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.IO.Ports.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.IdentityModel.Tokens.Jwt.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Management.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Runtime.Caching.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Security.Cryptography.ProtectedData.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Security.Permissions.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • System.Windows.Extensions.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • Tracking.ini
  • TrackingDevicesController.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • TrackingDevicesController.pdb
  • YamlDotNet.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • ZstdSharp.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Headers

    Imports

    Sections

  • appsettings.json
  • devcon/win64/devcon.exe
    .exe windows:10 windows x64

    a0225eb3236ea941773b705076ada2af


    Headers

    Imports

    Sections

  • ianvio.ico
  • openvr/bin/win32/openvr_api.dll
    .dll windows:6 windows x86

    941ac4098efaadc034a01417899ac5a1


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • openvr/bin/win64/openvr_api.dll
    .dll windows:6 windows x64

    2204ca942650a4fb68795a4be3467970


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • runtimes/linux-arm/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/linux-arm/native/libMonoPosixHelper.so
    .elf linux arm
  • runtimes/linux-arm/native/libSystem.IO.Ports.Native.so
    .elf linux arm
  • runtimes/linux-arm64/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/linux-arm64/native/libMonoPosixHelper.so
    .elf linux aarch64
  • runtimes/linux-arm64/native/libSystem.IO.Ports.Native.so
    .elf linux aarch64
  • runtimes/linux-armel/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/linux-armel/native/libMonoPosixHelper.so
    .elf linux arm
  • runtimes/linux-x64/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/linux-x64/native/libMonoPosixHelper.so
    .elf linux x64
  • runtimes/linux-x64/native/libSystem.IO.Ports.Native.so
    .elf linux x64
  • runtimes/linux-x86/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/linux-x86/native/libMonoPosixHelper.so
    .elf linux x86
  • runtimes/linux/native/libmongocrypt.so
    .elf linux x64
  • runtimes/osx-arm64/native/libSystem.IO.Ports.Native.dylib
    .macho macos
  • runtimes/osx-x64/native/libSystem.IO.Ports.Native.dylib
    .macho macos
  • runtimes/osx/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/osx/native/libMonoPosixHelper.dylib
    .macho macos
  • runtimes/osx/native/libmongocrypt.dylib
    .macho macos
  • runtimes/unix/lib/net6.0/System.IO.Ports.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win-x64/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win-x64/native/MonoPosixHelper.dll
    .dll windows:6 windows x64

    9c5f50f678d576a77719753fbd013f5a


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • runtimes/win-x64/native/libMonoPosixHelper.dll
    .dll windows:4 windows x64

    74297f3084f7c9d92773723399240fb4


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • runtimes/win-x86/lib/netstandard2.0/Mono.Posix.NETStandard.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win-x86/native/MonoPosixHelper.dll
    .dll windows:4 windows x86

    e680c9bea8816bf92214c3f9ab5d21df


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • runtimes/win-x86/native/libMonoPosixHelper.dll
    .dll windows:4 windows x86

    b4eb4252d6b64d59a82ec68e7478f9e2


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • runtimes/win/lib/net6.0/Microsoft.Win32.SystemEvents.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/lib/net6.0/System.Diagnostics.PerformanceCounter.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/lib/net6.0/System.Drawing.Common.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/lib/net6.0/System.IO.Ports.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/lib/net6.0/System.Runtime.Caching.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/lib/net6.0/System.Security.Cryptography.ProtectedData.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/lib/net6.0/System.Windows.Extensions.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/lib/netcoreapp2.0/System.Management.dll
    .dll windows:4 windows x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign

    Headers

    Imports

    Sections

  • runtimes/win/native/mongocrypt.dll
    .dll windows:6 windows x64

    d372b9fc93c96a13c769b1ac6c49679a


    Headers

    Imports

    Exports

    Sections