clean_ts[.]zip

Resubmissions

18/01/2024, 02:27

240118-cxh7tabfb8 3

18/01/2024, 02:17

240118-cqxrmabeb7 3

Sharing

Copy URL Twitter E-mail

General

Target

clean_ts.zip
Size

13KB
MD5

36b4eec7323f26e6a0d26874b33c18ea
SHA1

0911c43663084dfd476354d1d37fb860ce5a30e0
SHA256

7efca9c2e4a04d1df5b6679f7573e9d925576ae2c2dbef8b5b9c048e60102706
SHA512

7a574d23b55ca07f1c563337e44a04a6eaac21ca1e5025fcea43e453989fa5850b726768ed0bdf1a78cae992d91a200e45c859ce589b795d083a58764bfef8a9
SSDEEP

384:wIPw786zvjyoBhBjgzAg/wuYlwezMkf7dS1GFEcs8x6B+H:ZI9zveKLjgzyuYwezj79FEcsO6m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/clean ts/get_guid.exe

Files

clean_ts.zip
.zip
clean ts/3x finished with auth.ahk
clean ts/JSON.ahk
clean ts/config.json
clean ts/get_guid.exe
.exe windows:6 windows x64 arch:x64

bb10d973fe3aae746219ae3777d1233c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
GlobalUnlock
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GlobalLock
GlobalAlloc
UnhandledExceptionFilter
Sleep
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

user32

EmptyClipboard
CloseClipboard
OpenClipboard
SetClipboardData

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate
__C_specific_handler
__std_exception_destroy
memcpy
_CxxThrowException
__current_exception_context
__std_exception_copy
memset
__current_exception

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_cexit
__p___argv
_c_exit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
__p___argc

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

bb10d973fe3aae746219ae3777d1233c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 576B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 88B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 576B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 88B