13-01-2024_dO0bgrbWifXN4tP[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

13-01-2024_dO0bgrbWifXN4tP.zip
Size

931KB
MD5

75223326ad6e124c34f8c15f9e3ff5c4
SHA1

1b3562ffc52b0755997fd478bc35e7d5244e7fec
SHA256

829c56d934ed5ad157930f9d1725517b5627844b68134816a6eb5ce93fb21d19
SHA512

bb7fef4c922cc034798fc3d7d06f9b9478054bd0776bf3dc0c1a01792aab983f09661c4b58451d75c0fde0c25007dc92aa8884987655e58c632374d142389150
SSDEEP

24576:MIWdATBmMQ4QMQ2vnQedhLzuVwKzheJXNVRPyG1oe97SCe:UdYBYR6vnQizuhz0VPyG/SCe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/patodaslasgatas/d3d10.dll

Files

13-01-2024_dO0bgrbWifXN4tP.zip
.zip

Password: infected
patodaslasgatas/d3d10.dll
.dll windows:6 windows x64 arch:x64

Password: infected

6bc2ac5ddde9cd8f461d79dd928eb410

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp140

?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??Bios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ

user32

ScreenToClient
ClientToScreen
LoadCursorA
OpenClipboard
GetSystemMetrics
SetClipboardData
GetClipboardData
EmptyClipboard
TrackMouseEvent
GetKeyState
GetCapture
SetCapture
ReleaseCapture
IsWindowUnicode
GetForegroundWindow
GetClientRect
SetCursorPos
CallWindowProcA
CloseClipboard
SetWindowLongPtrA
IsWindowVisible
GetWindowTextA
EnumWindows
SetCursor
GetCursorPos
GetWindowThreadProcessId
MessageBoxA
GetWindow

kernel32

LocalFree
SetLastError
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
CreateFileA
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetProcessHeap
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
WinExec
OutputDebugStringW
VerifyVersionInfoA
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetModuleHandleA
GetProcAddress
LoadLibraryA
FreeLibrary
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GetLastError
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
Sleep
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetConsoleWindow
AllocConsole
FreeConsole
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameA
HeapSize
CreateThread
GetEnvironmentVariableA

imm32

ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

d3dx9_43

D3DXVec3Transform
D3DXMatrixTranspose

d3d11

D3D11CreateDeviceAndSwapChain

ws2_32

sendto
recvfrom
freeaddrinfo
ntohl
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
gethostname
bind
WSAGetLastError
send
recv
closesocket
getaddrinfo

advapi32

GetUserNameA
GetTokenInformation
GetLengthSid
OpenProcessToken
IsValidSid
CopySid
ConvertSidToStringSidA
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext

shell32

ShellExecuteA

normaliz

IdnToAscii

wldap32

ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord26
ord41
ord50
ord45
ord60
ord211
ord217
ord143
ord27
ord22
ord46

crypt32

CertFreeCertificateChainEngine
CertFreeCertificateChain
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertFindExtension
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CertGetCertificateChain

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__current_exception_context
__C_specific_handler
strchr
__std_type_info_destroy_list
strrchr
__current_exception
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcmp
strstr
memcpy
memmove
memset
__std_terminate
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_getpid
_beginthreadex
_execute_onexit_table
exit
abort
_crt_atexit
_cexit
__sys_nerr
_initterm_e
strerror
_invalid_parameter_noinfo
_configure_narrow_argv
_errno
_initterm
terminate
_resetstkoflw

api-ms-win-crt-math-l1-1-0

_dclass
ceilf
fmodf
sqrtf
pow
logf
log
cosf
sinf
acosf
atan2f
powf

api-ms-win-crt-string-l1-1-0

strspn
strcspn
strpbrk
tolower
strncmp
strcmp
strcpy_s
isupper
_strdup
strncpy

api-ms-win-crt-stdio-l1-1-0

fread
fseek
fgets
fflush
_pclose
ftell
fopen
fputs
__stdio_common_vsprintf_s
_close
fclose
fread_s
_popen
_open
fopen_s
fputc
fwrite
_lseeki64
_wfopen
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
_read
__acrt_iob_func
_write
feof

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
_callnewh
free

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

atoi
strtoul
strtol
strtoull
strtoll
strtod
atof

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_unlink
_fstat64

Sections

.text
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

6bc2ac5ddde9cd8f461d79dd928eb410

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

user32

kernel32

imm32

d3dcompiler_43

d3dx9_43

d3d11

ws2_32

advapi32

shell32

normaliz

wldap32

crypt32

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 774KB - Virtual size: 774KB

.rdata Size: 756KB - Virtual size: 755KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 26KB - Virtual size: 25KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 774KB - Virtual size: 774KB

.rdata
Size: 756KB - Virtual size: 755KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB