minty[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

minty.zip
Size

11.5MB
MD5

a5406231008b37a567e549bb3706b3b7
SHA1

492aa07f8b106c0fa65c1e74ee7645842dfd5912
SHA256

d39676d51022384a69988d65cda4c6206821aea2f624c0d11f1e09980618d877
SHA512

0a8af49949a5f48e6d53c04b4591a3e2bc757f50b2420f80a87edf6458e90ad9d51b8a8ea805422c26a6499d02c546f3218e68bd38318a1c1babdb2a0558a702
SSDEEP

196608:9+pVbbyqYd5WmongC4CzBlGUHK3IPKHK3+sFqIMWkGnGIMnPVz1PiT4RdPzIspO3:MpVbbyqSOngC4CzVHPsTIM6GrtF3RhzG

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Launcher.exe
unpack001/minty.dll

Files

minty.zip
.zip
Launcher.exe
.exe windows:6 windows x64 arch:x64

e3f3700aa4e91a1472ccab22b35581f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteProcessMemory
GetModuleHandleExW
GetModuleFileNameW
WaitForSingleObject
ResumeThread
GetExitCodeThread
GetLastError
SetEndOfFile
GetProcAddress
VirtualAllocEx
GetModuleHandleW
CreateRemoteThread
CreateProcessA
VirtualFreeEx
WriteConsoleW
CloseHandle
GetCurrentProcess
GetCurrentDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageA
GetLocaleInfoEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetExitCodeProcess
CreateProcessW
ReadFile
ReadConsoleW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize

comdlg32

GetOpenFileNameA

Sections

.text
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
minty.dll
.dll windows:6 windows x64 arch:x64

8a68fb5b35ea7c7d951d68ec7d7d8a1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

FindResourceA
LockResource
LoadResource
AllocConsole
Sleep
SetConsoleTextAttribute
GetStdHandle
GetModuleFileNameA
GetCurrentProcess
CreateFileA
GetProcAddress
lstrcmpiW
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
FreeLibrary
QueryPerformanceCounter
LoadLibraryExA
FormatMessageA
CreateThread
GetCurrentThreadId
QueueUserAPC
GetModuleHandleW
OpenThread
FreeResource
GetCurrentThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
AreFileApisANSI
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
GetLastError
CreateFileW
PeekNamedPipe
WriteFile
ReadFile
LocalFree
GetLocaleInfoEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleA
TerminateProcess
GetTickCount64
SuspendThread
GetConsoleWindow

user32

GetClientRect
SetCursor
SetCapture
GetForegroundWindow
CloseClipboard
TrackMouseEvent
ClientToScreen
GetCapture
EmptyClipboard
ReleaseCapture
LoadCursorA
GetMessageExtraInfo
GetKeyState
FindWindowA
SetCursorPos
IsWindowUnicode
GetClipboardData
SetClipboardData
ShowWindow
ScreenToClient
CallWindowProcA
DefWindowProcA
EnumWindows
CreateWindowExA
SetWindowLongPtrA
RegisterClassExA
GetClassNameA
GetWindowThreadProcessId
GetCursorPos
OpenClipboard

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteA

msvcp140

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?uncaught_exceptions@std@@YAHXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0_Lockit@std@@QEAA@H@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
_Mtx_current_owns
_Cnd_init_in_situ
_Cnd_timedwait
_Cnd_do_broadcast_at_thread_exit
_Xtime_get_ticks
_Cnd_broadcast
??1_Lockit@std@@QEAA@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Winerror_map@std@@YAHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
_Query_perf_frequency
_Query_perf_counter
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
NtProtectVirtualMemory
NtQuerySection

imm32

ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memcmp
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
strstr
strchr
longjmp
strrchr
memcpy
memset
__current_exception
__current_exception_context
_CxxThrowException
__intrinsic_setjmp
__std_type_info_destroy_list
memchr

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

strerror
system
abort
_wassert
terminate
exit
_errno
_invalid_parameter_noinfo
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vfprintf
tmpnam
fputc
fflush
fclose
__acrt_iob_func
fgetc
fwrite
fread
__stdio_common_vsprintf
fgetpos
__stdio_common_vsprintf_s
_get_stream_buffer_pointers
setvbuf
_ftelli64
_popen
tmpfile
fsetpos
_pclose
clearerr
fgets
getc
fopen
ferror
freopen
ftell
fseek
_wfopen
ungetc
feof
__stdio_common_vsscanf
_fseeki64

api-ms-win-crt-convert-l1-1-0

strtod
strtoul
atof
strtoll
strtoull

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
rename
remove

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
setlocale

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
_gmtime64
_difftime64
clock
_localtime64
strftime

api-ms-win-crt-string-l1-1-0

strncmp
isblank
isspace
strspn
islower
ispunct
isdigit
isupper
toupper
isxdigit
strpbrk
isgraph
isalnum
tolower
isalpha
iscntrl
strcmp
strcoll
strncpy

api-ms-win-crt-math-l1-1-0

ldexp
sqrt
sinf
sin
powf
tan
pow
logf
log10
log
_dclass
acos
acosf
asin
atan2
atan2f
ceil
ceilf
sqrtf
cos
cosf
_dsign
exp
floor
floorf
fmodf
fmod
frexp

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 1022KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3f3700aa4e91a1472ccab22b35581f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comdlg32

Sections

.text Size: 279KB - Virtual size: 278KB

.rdata Size: 87KB - Virtual size: 87KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 3KB - Virtual size: 2KB

8a68fb5b35ea7c7d951d68ec7d7d8a1e

Headers

DLL Characteristics

File Characteristics

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

msvcp140_codecvt_ids

ntdll

imm32

d3dcompiler_47

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 1022KB - Virtual size: 1022KB

.rdata Size: 10.5MB - Virtual size: 10.5MB

.data Size: 112KB - Virtual size: 352KB

.pdata Size: 50KB - Virtual size: 50KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 8.4MB - Virtual size: 8.4MB

.reloc Size: 31KB - Virtual size: 30KB

.text
Size: 279KB - Virtual size: 278KB

.rdata
Size: 87KB - Virtual size: 87KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 1022KB - Virtual size: 1022KB

.rdata
Size: 10.5MB - Virtual size: 10.5MB

.data
Size: 112KB - Virtual size: 352KB

.pdata
Size: 50KB - Virtual size: 50KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 8.4MB - Virtual size: 8.4MB

.reloc
Size: 31KB - Virtual size: 30KB