53af3a14324fb3993d9614b5b7f7f120

Sharing

Copy URL Twitter E-mail

General

Target

53af3a14324fb3993d9614b5b7f7f120
Size

245KB
MD5

53af3a14324fb3993d9614b5b7f7f120
SHA1

28abf6f3df53c0cd5119f5f258d9ad07695b9d8b
SHA256

ed4ff0d1ba6fab5e9586cb74d4e8715233e6fd6330ea35fb092096040cb7593c
SHA512

95f9c329645802da2f80a154d7bdb227e5e3920d854df95443bfee7c3dbfcc442937b62bf18c33cade4c8b64144adcc1ec82dc1335fedfa29148299acc0c73c1
SSDEEP

6144:V9AGKAVTh/XyX42ygHeuh5brEoKvH3rAlQT9g6vBsB:HDVpCXm4trCkliN5M

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/voidozer/VoidozerFace.exe
unpack001/voidozer/cygwin1.dll
unpack001/voidozer/voidozer.exe

Files

53af3a14324fb3993d9614b5b7f7f120
.rar
CYBER$kin.txt
voidozer/VoidozerFace.exe
.exe windows:4 windows x86 arch:x86

1a39fe14a59207f2696866702d0428fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaObjSet
ord595
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaVarTstEq
__vbaAryConstruct
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
voidozer/cygwin1.dll
.dll windows:4 windows x86 arch:x86

750617c79d617242c2a7fbf97c7ba6e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
IsValidSecurityDescriptor
IsValidSid
LookupAccountNameA
LookupAccountSidA
LookupPrivilegeValueA
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
ReportEventA
SetKernelObjectSecurity
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CreateProcessAsUserA
DeregisterEventSource
GetFileSecurityA
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameA
InitializeSecurityDescriptor

kernel32

Beep
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FreeEnvironmentStringsA
FreeLibrary
GetCommState
GetCommTimeouts
GetCommandLineA
GetComputerNameA
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleA
ClearCommBreak
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetEnvironmentStringsA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
CloseHandle
GetFileSize
GetFileType
GetFullPathNameA
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetThreadContext
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
CopyFileA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
CreateDirectoryA
LeaveCriticalSection
LoadLibraryA
LockFile
LockFileEx
MapViewOfFile
MapViewOfFileEx
MoveFileA
MoveFileExA
OpenEventA
CreateEventA
OpenFileMappingA
OpenMutexA
OpenProcess
OpenSemaphoreA
OutputDebugStringA
PeekConsoleInputA
PeekNamedPipe
PurgeComm
CreateFileA
ReadConsoleInputA
CreateFileMappingA
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
ResetEvent
ResumeThread
ScrollConsoleScreenBufferA
SetCommBreak
SetCommMask
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentDirectoryA
SetEndOfFile
CreateMutexA
SetErrorMode
SetEvent
SetFileApisToOEM
SetFileAttributesA
SetFilePointer
SetFileTime
SetLastError
SetPriorityClass
SetStdHandle
SetThreadContext
SetThreadPriority
Sleep
CreatePipe
SuspendThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
CreateProcessA
TransmitCommChar
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
WideCharToMultiByte
WriteConsoleInputA
WriteFile
BackupRead
WriteProcessMemory
CreateThread
DeleteFileA
BackupSeek
DuplicateHandle
EnterCriticalSection
BackupWrite
EscapeCommFunction
ExitProcess
ExitThread

user32

DefWindowProcA
DispatchMessageA
FindWindowA
GetMessageA
GetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationA
KillTimer
CharToOemA
MessageBoxA
MsgWaitForMultipleObjects
OemToCharW
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
SendMessageA
SetTimer
SetUserObjectSecurity
CreateWindowExA

Exports

Exports

__assert
__assertfail
__cygwin_environ
__empty
__eprintf
__errno
__infinity
__main
__srget
__swbuf
__vc__10pinfo_listi
_abort
_abs
_access
_acos
_acosf
_acosh
_acoshf
_alarm
_alloca
_asctime
_asin
_asinf
_asinh
_asinhf
_atan
_atan2
_atan2f
_atanf
_atanh
_atanhf
_atexit
_atof
_atoff
_atoi
_atol
_bcmp
_bcopy
_bsearch
_bzero
_cabs
_cabsf
_calloc
_cbrt
_cbrtf
_ceil
_ceilf
_chdir
_chmod
_chown
_chroot
_clearerr
_clock
_close
_closedir
_closelog
_copysign
_copysignf
_cos
_cosf
_cosh
_coshf
_creat
_ctime
_cuserid
_cwait
_daylight
_difftime
_div
_drem
_dremf
_dup
_dup2
_ecvt
_ecvtbuf
_ecvtf
_endgrent
_endmntent
_endpwent
_erf
_erfc
_erfcf
_erff
_execl
_execle
_execlp
_execv
_execve
_execvp
_exit
_exp
_expf
_expm1
_expm1f
_fabs
_fabsf
_fchmod
_fclose
_fcntl
_fcvt
_fcvtbuf
_fcvtf
_fdopen
_feof
_ferror
_fflush
_ffs
_fgetc
_fgetpos
_fgets
_fileno
_finite
_finitef
_fiprintf
_floor
_floorf
_fmod
_fmodf
_fopen
_fork
_fprintf
_fputc
_fputs
_fread
_free
_freopen
_frexp
_frexpf
_fscanf
_fseek
_fsetpos
_fstat
_fstatfs
_fsync
_ftell
_ftime
_ftruncate
_fwrite
_gcvt
_gcvtf
_get_osfhandle
_getc
_getchar
_getcwd
_getdomainname
_getdtablesize
_getegid
_getenv
_geteuid
_getgid
_getgrent
_getgrgid
_getgrnam
_getgroups
_gethostname
_getlogin
_getmntent
_getpagesize
_getpass
_getpgrp
_getpid
_getppid
_getpwduid
_getpwent
_getpwnam
_getpwuid
_getrusage
_gets
_gettimeofday
_getuid
_getw
_getwd
_gmtime
_htonl
_htons
_hypot
_hypotf
_ilogb
_ilogbf
_index
_infinity
_infinityf
_ioctl
_iprintf
_isalnum
_isalpha
_isascii
_isatty
_iscntrl
_isdigit
_isgraph
_isinf
_isinff
_islower
_isnan
_isnanf
_isprint
_ispunct
_isspace
_isupper
_isxdigit
_kill
_labs
_ldexp
_ldexpf
_ldiv
_link
_localeconv
_localtime
_log
_log10
_log10f
_log1p
_log1pf
_logb
_logbf
_logf
_longjmp
_lseek
_lstat
_malloc
_matherr
_mblen
_mbstowcs
_mbtowc
_memccpy
_memchr
_memcmp
_memcpy
_memmove
_memset
_mkdir
_mknod
_mkstemp
_mktemp
_mktime
_modf
_modff
_mount
_nan
_nanf
_nextafter
_nextafterf
_nice
_ntohl
_ntohs
_open
_opendir
_openlog
_pathconf
_pclose
_perror
_pipe
_popen
_pow
_powf
_printf
_putc
_putchar
_putenv
_puts
_putw
_qsort
_raise
_rand
_read
_readdir
_readlink
_readv
_realloc
_regcomp
_regerror
_regexec
_regfree
_remainder
_remainderf
_remove
_rename
_rewind
_rewinddir
_rindex
_rint
_rintf
_rmdir
_sbrk
_scalb
_scalbf
_scalbn
_scalbnf
_scanf
_select
_setbuf
_setdtablesize
_setegid
_setenv
_seteuid
_setgid
_setgrent
_setjmp
_setlocale
_setmntent
_setmode
_setpassent
_setpgid
_setpgrp
_setpwent
_setsid
_settimeofday
_setuid
_setvbuf
_sigaction
_sigaddset
_sigdelset
_sigemptyset
_sigfillset
_sigismember
_signal
_significand
_significandf
_sigpending
_sigprocmask
_sigsuspend
_sin
_sinf
_sinh
_sinhf
_siprintf
_sleep
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_sprintf
_sqrt
_sqrtf
_srand
_sscanf
_stat
_statfs
_strace_wm
_strcasecmp
_strcat
_strchr
_strcmp
_strcoll
_strcpy
_strcspn
_strdup
_strerror
_strftime
_strlen
_strlwr
_strncasecmp
_strncat
_strncmp
_strncpy
_strpbrk
_strrchr
_strsep
_strspn
_strstr
_strtod
_strtodf
_strtok
_strtol
_strtoul
_strupr
_strxfrm
_swab
_symlink
_sync
_sysconf
_syslog
_system
_tan
_tanf
_tanh
_tanhf
_tcdrain
_tcflow
_tcflush
_tcgetattr
_tcgetpgrp
_tcsendbreak
_tcsetattr
_tcsetpgrp
_tempnam
_time
_times
_timezone
_tmpfile
_tmpnam
_toascii
_tolower
_toupper
_truncate
_ttyname
_tzname
_tzset
_umask
_umount
_uname
_ungetc
_unlink
_unsetenv
_usleep
_utime
_utimes
_vfiprintf
_vfork
_vfprintf
_vhangup
_vprintf
_vsprintf
_wait
_waitpid
_wcscmp
_wcslen
_wcstombs
_wctomb
_wprintf
_write
_writev
abort
abs
accept
access
acos
acosf
acosh
acoshf
alarm
asctime
asin
asinf
asinh
asinhf
atan
atan2
atan2f
atanf
atanh
atanhf
atexit
atof
atoff
atoi
atol
bcmp
bcopy
bind
bsearch
bzero
cabs
cabsf
calloc
cbrt
cbrtf
ceil
ceilf
cfgetispeed
cfgetospeed
cfsetispeed
cfsetospeed
chdir
chmod
chown
chroot
cleanup_glue
clearerr
clock
close
closedir
closelog
connect
copysign
copysignf
cos
cosf
cosh
coshf
creat
ctermid
ctime
cuserid
cwait
cygwin32_attach_handle_to_fd
cygwin32_conv_to_full_posix_path
cygwin32_conv_to_full_win32_path
cygwin32_conv_to_posix_path
cygwin32_conv_to_win32_path
cygwin32_detach_dll
cygwin32_getshared
cygwin32_internal
cygwin32_posix_path_list_p
cygwin32_posix_to_win32_path_list

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
voidozer/voidozer.exe
.exe windows:4 windows x86 arch:x86

525dc0557ada71f199732e0c6b27fcbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cygwin1

atoi
calloc
close
connect
__errno
dll_crt0__FP11per_process
dll_dllcrt0
dll_noncygwin_dllcrt0
exit
free
gethostbyname
herror
htons
__main
malloc
memcpy
perror
printf
puts
realloc
send
sleep
socket
strcmp
usleep

kernel32

GetModuleHandleA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
voidozer/voidozer.exe.core

Sharing

General

Malware Config

Signatures

Files

1a39fe14a59207f2696866702d0428fe

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 8KB

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

750617c79d617242c2a7fbf97c7ba6e5

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 380KB

.data Size: 18KB - Virtual size: 17KB

.bss Size: - Virtual size: 8KB

.edata Size: 17KB - Virtual size: 17KB

.idata Size: 6KB - Virtual size: 6KB

.reloc Size: 22KB - Virtual size: 21KB

525dc0557ada71f199732e0c6b27fcbe

Headers

File Characteristics

Imports

cygwin1

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 24B

.bss Size: - Virtual size: 208B

.idata Size: 1024B - Virtual size: 756B

.stab Size: 24KB - Virtual size: 23KB

.stabstr Size: 260KB - Virtual size: 259KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 8KB

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 380KB - Virtual size: 380KB

.data
Size: 18KB - Virtual size: 17KB

.bss
Size: - Virtual size: 8KB

.edata
Size: 17KB - Virtual size: 17KB

.idata
Size: 6KB - Virtual size: 6KB

.reloc
Size: 22KB - Virtual size: 21KB

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 24B

.bss
Size: - Virtual size: 208B

.idata
Size: 1024B - Virtual size: 756B

.stab
Size: 24KB - Virtual size: 23KB

.stabstr
Size: 260KB - Virtual size: 259KB