S E N S E I[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

S E N S E I.zip
Size

9.7MB
MD5

67976823f8390734387f461e62a254fc
SHA1

be7fbd9c56e361e27937a3f08d4804a97495b67c
SHA256

6905670d22a26bdc05e8c85a35d66685761d6ae1ca15021c7468cf80a2d49631
SHA512

5dce31137d9c21eab10098c00f2b657fc2702ab3b426fe16fd7d7869edd54b115c0e48ab26854867926cbd5d58a5f641d22a2435b7bc5a1bd9595dd3b64e6eba
SSDEEP

196608:+yeILLpgeZvqjhrL9R4OLdeKn+KafdWvoRWa5qKcOkLC3dO0rgNd1:7Z0rL34+h+KQdWeyKJOg2

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/S E N S E I/S-E-N-S-E-I.dll
unpack001/S E N S E I/injector.dll
unpack001/S E N S E I/sensei.dll
unpack001/S E N S E I/senseiloader.exe

Files

S E N S E I.zip
.zip

Password: AC7D113A7525437A
S E N S E I/S-E-N-S-E-I.dll
.dll windows:4 windows x86 arch:x86

Password: AC7D113A7525437A

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
S E N S E I/autoexec.lnk
.lnk
S E N S E I/injector.dll
.dll windows:6 windows x86 arch:x86

Password: AC7D113A7525437A

d588e0751eeca8d75865b11d7d0b6027

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
CreateToolhelp32Snapshot
GetExitCodeThread
CloseHandle
Module32FirstW
GetProcAddress
VirtualAllocEx
GetFileAttributesW
ReadProcessMemory
GetModuleHandleW
WideCharToMultiByte
CreateRemoteThread
Module32NextW
VirtualFreeEx
SetUnhandledExceptionFilter
WaitForSingleObject
LocalFree
WriteProcessMemory
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__CxxFrameHandler3
__std_exception_destroy
_except_handler4_common
memset
__std_type_info_destroy_list
_CxxThrowException
__std_exception_copy
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table

Exports

Exports

_inject_dll@8
_is_injected@12
_pass_console_input@16
_run_script@16

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
S E N S E I/sensei.dll
.dll windows:6 windows x86 arch:x86

Password: AC7D113A7525437A

615138fe2fa1806ffa5686c81568e1f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ClientToScreen
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

ws2_32

WSACleanup

crypt32

CertAddCertificateContextToStore

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

shell32

SHGetFolderPathW

imm32

ImmGetContext

d3dcompiler_47

D3DCompile

advapi32

CryptAcquireContextA

wldap32

ord301

normaliz

IdnToAscii

bcrypt

BCryptGenRandom

wtsapi32

WTSSendMessageW

Exports

Exports

queue_script
send_console_input

Sections

.text
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: - Virtual size: 348B

.asd10
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.asd11
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
S E N S E I/senseiloader.exe
.exe windows:4 windows x64 arch:x64

Password: AC7D113A7525437A

60632961ad1c97af7eaf5149cc8295ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

crypt32

CryptUnprotectData

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AreFileApisANSI
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSection
InitializeProcThreadAttributeList
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetStdHandle
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
UpdateProcThreadAttribute
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteFileEx
RaiseException
RtlAddFunctionTable
RtlUnwindEx
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__C_specific_handler

advapi32

OpenProcessToken
SystemFunction036

bcrypt

BCryptGenRandom

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_endthreadex
_errno
_fmode
_fpreset
_initterm
_localtime64
_onexit
abort
calloc
clock
exit
fflush
fprintf
fputc
free
fwrite
log
malloc
memcmp
memcpy
memmove
memset
qsort
realloc
signal
strcmp
strcspn
strlen
strncmp
strrchr
strspn
vfprintf

ntdll

NtCreateFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

Sections

.text
Size: 11.7MB - Virtual size: 11.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
S E N S E I/workspace.lnk.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: AC7D113A7525437A

Password: AC7D113A7525437A

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 234KB - Virtual size: 233KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: AC7D113A7525437A

d588e0751eeca8d75865b11d7d0b6027

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 1024B - Virtual size: 688B

Password: AC7D113A7525437A

615138fe2fa1806ffa5686c81568e1f8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

crypt32

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

shell32

imm32

d3dcompiler_47

advapi32

wldap32

normaliz

bcrypt

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 3.7MB

.rdata Size: - Virtual size: 1.9MB

.data Size: - Virtual size: 381KB

.00cfg Size: - Virtual size: 8B

.tls Size: - Virtual size: 4KB

.voltbl Size: - Virtual size: 348B

.asd10 Size: - Virtual size: 2.1MB

.asd11 Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 223B

Password: AC7D113A7525437A

60632961ad1c97af7eaf5149cc8295ec

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

advapi32

bcrypt

.text
Size: 234KB - Virtual size: 233KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 1024B - Virtual size: 688B

.text
Size: - Virtual size: 3.7MB

.rdata
Size: - Virtual size: 1.9MB

.data
Size: - Virtual size: 381KB

.00cfg
Size: - Virtual size: 8B

.tls
Size: - Virtual size: 4KB

.voltbl
Size: - Virtual size: 348B

.asd10
Size: - Virtual size: 2.1MB

.asd11
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 223B

.text
Size: 11.7MB - Virtual size: 11.7MB

.data
Size: 31KB - Virtual size: 28KB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.pdata
Size: 419KB - Virtual size: 418KB

.xdata
Size: 321KB - Virtual size: 321KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 57KB - Virtual size: 57KB