DSD[.]zip | Triage

Resubmissions

26/11/2023, 15:14

231126-smf8gaab28 3

Sharing

Copy URL

Twitter E-mail

General

Target

DSD.zip
Size

304KB
MD5

f2e9280d38753bd5676707a31a595049
SHA1

ce4e9dcf9bb83175a3ee8239e53ce959eb7b19c5
SHA256

7e7c2a086b129b96e00a7dce434cc46210828ab23f784782a2e8d4fead5d94ef
SHA512

18c5339a7dce55ccc40f5ca0fc7b975c150259976e9d4f402badf2914d0d2640b953e9ba1ae968a7dbdd3401e52dd438c1386982642e2612433bcde5d55f7b79
SSDEEP

6144:8ahZKvE9TNCbCeYsGPjVXTiQqaQVrtkTKkprqAjwge0ul2:8aH4EhNUCeAPBgVtlcwLc

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DivXConverter.dll
unpack001/DivXConverter.exe

Files

DSD.zip
.zip

Password: infected
DivXConverter.dll
.dll windows:6 windows x86 arch:x86

Password: infected

749e342ddd739023802f53787ddda7bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
Sleep
GetModuleFileNameA
lstrcatA
CreateFileA
GetFileSize
ReadFile
CreateThread
VirtualProtect
HeapFree
VirtualFree
VirtualAlloc
LoadLibraryA
HeapAlloc
GetProcAddress
GetProcessHeap
FreeLibrary
IsBadReadPtr
WriteConsoleW
CreateFileW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
InterlockedFlushSList
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

user32

FindWindowA
SendMessageA

shlwapi

PathRemoveFileSpecA

Exports

Exports

cloneRegistrationToGlobalStorage
divXLicenseInit
divXLicenseRelease
divxCleanup
divxMain
divxStartup
getLicenseState
getRemainingTrialLength
isValidSerialNumber
registerGUIDSerialNumber
registerSerialNumber
registerSerialNumberElevated
serialNumberMatchesLicenseID
wrapper_isValidSerialNumber

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DivXConverter.exe
.exe windows:5 windows x86 arch:x86

Password: infected

0c86cbb86a9ab48d4d410e97ec3d9ee7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
WaitForSingleObject
CloseHandle
CreateFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
OpenEventW
DeleteCriticalSection
GetCommandLineW
LocalFree
CreateProcessW
TerminateProcess
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
CreateEventW
DeleteFileW
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
EncodePointer
DecodePointer
GetLastError
RemoveDirectoryW
CreateDirectoryW
HeapSetInformation
GetStartupInfoW
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetProcAddress
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
RtlUnwind
WideCharToMultiByte
LCMapStringW
LoadLibraryW

user32

wsprintfW

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW

shell32

CommandLineToArgvW

wininet

InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
InternetSetOptionW
InternetOpenUrlW

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dat.dat

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

749e342ddd739023802f53787ddda7bc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 212B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 3KB

Password: infected

0c86cbb86a9ab48d4d410e97ec3d9ee7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 212B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 6KB - Virtual size: 5KB