ssFlingTrs-259a3513[.]tar[.]gz

Resubmissions

05/01/2024, 10:49

240105-mwztaabac9 10

05/01/2024, 10:05

240105-l416msadh5 7

Sharing

Copy URL Twitter E-mail

General

Target

ssFlingTrs-259a3513.tar.gz
Size

10.2MB
MD5

337da210d94136f341c2775b0e001de2
SHA1

76df0ea1b76c767a67e283ad3d56677975b660c8
SHA256

c06e970daa87e6a037b18d40c3b3334329dbd7227c77d6425aa7154acae4a8eb
SHA512

4548e2abe98efc1de2c3533675a762eca416dc92cdef4ee26a286438e825df2513728f682786ab722b9efdc37369412d092d56e9dd48c11483656d6e8aef702e
SSDEEP

196608:reMBOHuDXAuoG4egw8p+Omn0GE1mUacLLkgGVoNKpTA6IaQVS84PuEmO76mGSz1:SMBFXxo8gRcOm81mUpyVaaQVS9mOzG61

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ssFlingTrs-259a3513.exe

Files

ssFlingTrs-259a3513.tar.gz
.gz
ssFlingTrs-259a3513.tar
.tar
ssFlingTrs-259a3513.exe
.exe windows:5 windows x64 arch:x64

01739ee5e9a377bbbe3d2d2757bd1a69

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
InitializeSecurityDescriptor
AdjustTokenPrivileges
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
CreateServiceW
UnlockServiceDatabase
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
OpenSCManagerW
LockServiceDatabase
EnumServicesStatusExW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegisterServiceCtrlHandlerExW
ChangeServiceConfig2W

user32

MessageBoxA
CharNextW
LoadStringW
TranslateMessage
SystemParametersInfoW
RegisterWindowMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
IsWindow
GetWindowThreadProcessId
GetSystemMetrics
GetDesktopWindow
FindWindowExW
DispatchMessageW
CharUpperBuffW
CharUpperW
CharLowerBuffW
CharLowerW
CharLowerBuffA
CharUpperBuffA

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleW
FreeLibrary
lstrlenA
lstrlenW
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitNamedPipeW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VerLanguageNameW
UnmapViewOfFile
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetVolumeLabelW
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SearchPathW
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDosDeviceW
IsDebuggerPresent
OpenProcess
MoveFileW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryExW
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
GetVolumeInformationW
GetVersionExW
GetTickCount
GetThreadPriority
GetThreadLocale
GetSystemInfo
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLogicalDriveStringsW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FormatMessageW
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DisconnectNamedPipe
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateRemoteThread
CreateNamedPipeW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
ConnectNamedPipe
CompareStringA
CompareStringW
CloseHandle
Sleep
GetVolumePathNamesForVolumeNameW
CreateFileW
QueryDosDeviceW
CreateProcessW
CloseHandle
DeviceIoControl
Sleep
GetLastError
TerminateProcess
ExitProcess
GetCurrentProcessId
OpenProcess
GetLongPathNameW
FindVolumeClose
GetVolumePathNameW
FindNextVolumeW
FindFirstVolumeW
GetVolumeNameForVolumeMountPointW
GetVersionExW
SetVolumeMountPointW
DeleteVolumeMountPointW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

shell32

SHGetSpecialFolderPathW

cfgmgr32

CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Get_Device_IDW
CM_Get_Device_ID_Size
CM_Get_DevNode_Status

setupapi

CM_Get_Parent
CM_Locate_DevNodeW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
CM_Reenumerate_DevNode
CM_Setup_DevNode
CM_Query_And_Remove_SubTreeW
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInstallParamsW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

ntdll

NtClose
NtDuplicateObject
ZwQuerySystemInformation

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 464B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

01739ee5e9a377bbbe3d2d2757bd1a69

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

version

ole32

shell32

cfgmgr32

setupapi

ntdll

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 119KB - Virtual size: 119KB

.bss Size: - Virtual size: 39KB

.idata Size: 12KB - Virtual size: 11KB

.didata Size: 1024B - Virtual size: 896B

.tls Size: - Virtual size: 464B

.rdata Size: 512B - Virtual size: 40B

.pdata Size: 58KB - Virtual size: 57KB

.rsrc Size: 4.9MB - Virtual size: 4.9MB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 119KB - Virtual size: 119KB

.bss
Size: - Virtual size: 39KB

.idata
Size: 12KB - Virtual size: 11KB

.didata
Size: 1024B - Virtual size: 896B

.tls
Size: - Virtual size: 464B

.rdata
Size: 512B - Virtual size: 40B

.pdata
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 4.9MB - Virtual size: 4.9MB