R3nzSkin[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

R3nzSkin.zip
Size

532KB
MD5

7bd3f5ae85f7d76634e1be4d50ae22b8
SHA1

822bb4c2af9de17a689b4d1154fd5d4f374adc40
SHA256

2acd2ec55f2d9a6119aaccd1c019ac81f4114b02f13b969d5a6d4234241fcd61
SHA512

c1a45cf96a4bc3f356baf4cc9b665e2bf9c5f62923a0928301f8a542b525c41bde77efc03886444715e9ccf2775ce87a85698ca2055d3e16be02c7535d745f37
SSDEEP

12288:9aCfaB4oMHUnZGgQSsXEo+a3M7uww51JTuJngeBINo8zJu:9aLTnZGgu0MOw3ExjF8zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/R3nzSkin.dll
unpack001/R3nzSkin_Injector.exe

Files

R3nzSkin.zip
.zip
R3nzSkin.dll
.dll windows:6 windows x64 arch:x64

1d3ae125c9fa70b475946ee6ae658c12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleW
VirtualQuery
DisableThreadLibraryCalls
GetCurrentThread
CloseHandle
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetProcAddress
IsValidCodePage
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
QueryPerformanceFrequency
GlobalUnlock
FlsAlloc
HeapAlloc
HeapFree
GetConsoleMode
WideCharToMultiByte
GlobalLock
GlobalAlloc
GlobalFree
GetACP
MultiByteToWideChar
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
Sleep
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
RtlUnwind

user32

CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard
CallWindowProcW
SetWindowLongPtrW
GetAsyncKeyState
SetWindowLongW
MessageBoxA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3nzSkin_Injector.exe
.exe windows:6 windows x64 arch:x64

2024c777d3a5520875560d33b67cf40b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
_Thrd_sleep
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Xtime_get_ticks
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Strcoll
_Strxfrm
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?tolower@?$ctype@D@std@@QEBADD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
_Query_perf_counter
_Query_perf_frequency
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Xbad_alloc@std@@YAXXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Incref@facet@locale@std@@UEAAXXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_cexit
_beginthreadex
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
fwrite
fputc
ungetc
fgetc
_fseeki64
fgetpos
fsetpos
setvbuf
fread
fclose
fflush

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
_callnewh

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte

vcruntime140

memcpy
__std_exception_destroy
__std_exception_copy
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
memmove
__FrameUnwindFilter
__current_exception
__current_exception_context
_CxxThrowException
strchr

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64

mscoree

_CorExeMain

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d3ae125c9fa70b475946ee6ae658c12

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

imm32

d3dcompiler_47

Sections

.text Size: 564KB - Virtual size: 563KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 5KB - Virtual size: 17KB

.pdata Size: 25KB - Virtual size: 24KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 3KB - Virtual size: 2KB

2024c777d3a5520875560d33b67cf40b

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

vcruntime140

advapi32

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

mscoree

Sections

.text Size: 93KB - Virtual size: 93KB

.nep Size: 1024B - Virtual size: 656B

.rdata Size: 194KB - Virtual size: 194KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 512B - Virtual size: 168B

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 1024B - Virtual size: 680B

.text
Size: 564KB - Virtual size: 563KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 5KB - Virtual size: 17KB

.pdata
Size: 25KB - Virtual size: 24KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 93KB

.nep
Size: 1024B - Virtual size: 656B

.rdata
Size: 194KB - Virtual size: 194KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 512B - Virtual size: 168B

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 1024B - Virtual size: 680B