dccrack[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dccrack.zip
Size

32.0MB
MD5

d425ebd84ff4d16d5c824b3924296b09
SHA1

1f67e3be43ae3263172bc6c907f25449d78aa673
SHA256

f434fbadf85d9083d404b9774b2b7ca85891aac4ec4aa695839cd4f5f666029d
SHA512

8be6f7ee098f91eee87099abd013cd13c31d7bc8b934aec33eefff9a98904475c961c1f56c13efe370d260b591e6024706540542daaddaccf4397c206bf696e4
SSDEEP

786432:3t8MgG1LbIC/f1jN8PPtcsG2MiuM98RQMo5jLt/MWLst0o:mPWMC/f+1cv2MI1ZntEWLFo

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/deadcodecrack.exe
unpack001/hook.dll

Files

dccrack.zip
.zip
deadcodecrack.exe
.exe windows:6 windows x64 arch:x64

d2d663c4f7bb47683d5e8186268c8dfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetWaitableTimer
TlsSetValue
SetLastError
SetConsoleTextAttribute
EnterCriticalSection
GetStdHandle
WriteFile
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
OpenProcess
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
GetExitCodeThread
FormatMessageW
GetLastError
Process32NextW
CreateFileA
SetEvent
TerminateThread
WriteProcessMemory
LockResource
Process32FirstW
CloseHandle
LoadResource
FindResourceW
QueueUserAPC
GetProcAddress
VirtualAllocEx
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
CreateRemoteThread
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
lstrcmpiW
CreateIoCompletionPort
CreateDirectoryW
CreateFileW
SizeofResource
ReadFile
SetConsoleTitleW
SetConsoleOutputCP
SetConsoleCP
TlsAlloc
Sleep
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
MultiByteToWideChar
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

MessageBoxW
GetWindowThreadProcessId
FindWindowW

advapi32

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

msvcp140

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Winerror_map@std@@YAHH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z

ws2_32

htons
WSAStartup
WSAGetLastError
closesocket
ioctlsocket
setsockopt
bind
WSACleanup
WSASocketW
WSASend

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_compare
__C_specific_handler
__std_terminate
__current_exception
__std_exception_destroy
memmove
memcmp
memcpy
_purecall
__current_exception_context
memset
_CxxThrowException
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_get_initial_narrow_environment
_initterm
terminate
_exit
__p___argc
__p___argv
_c_exit
_beginthreadex
_register_thread_local_exe_atexit_callback
_initterm_e
_cexit
_invalid_parameter_noinfo_noreturn
system
_seh_filter_exe
_crt_atexit
_set_app_type
exit

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
setlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfwprintf
__stdio_common_vsprintf
fclose
__p__commode
ftell
fopen
fseek
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25.7MB - Virtual size: 25.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hook.dll
.dll windows:6 windows x64 arch:x64

625b56a02236681186fe7c78d8a76332

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libcrypto-1_1-x64

BIO_new_bio_pair
BIO_ctrl
BIO_ctrl_pending
PEM_read_bio_PrivateKey
PEM_read_bio_X509
ERR_get_error
ERR_func_error_string
EVP_PKEY_free
ERR_peek_last_error
BIO_write
BIO_new_mem_buf
ERR_peek_error
DH_free
CONF_modules_unload
ERR_lib_error_string
ERR_reason_error_string
BIO_free
PEM_read_bio_DHparams
ERR_clear_error
X509_free
PEM_read_bio_X509_AUX
BIO_read

libssl-1_1-x64

SSL_get_shutdown
SSL_CTX_get_default_passwd_cb
SSL_connect
SSL_CTX_set_default_passwd_cb
TLS_method
SSL_free
SSL_CTX_set_options
SSL_new
SSL_CTX_free
SSL_CTX_ctrl
SSL_get_ex_data
SSL_CTX_use_PrivateKey
SSL_set_ex_data
SSL_CTX_new
SSL_write
SSL_CTX_set_default_passwd_cb_userdata
SSL_ctrl
SSL_set_bio
SSL_accept
SSL_CTX_use_certificate
SSL_read
SSL_CTX_get_ex_data
SSL_CTX_get_default_passwd_cb_userdata
SSL_shutdown
SSL_CTX_set_ex_data
SSL_get_error

kernel32

GetCurrentProcess
FindResourceW
LoadResource
LockResource
CreateFileA
SizeofResource
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
OpenThread
SetThreadContext
FlushInstructionCache
GetCurrentProcessId
GetThreadContext
HeapAlloc
HeapReAlloc
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
GetCurrentThreadId
Thread32First
Thread32Next
HeapFree
VirtualProtect
HeapCreate
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
CreateThread
GetTickCount64
Sleep
GetSystemTimeAsFileTime
CreateIoCompletionPort
FormatMessageA
TlsFree
TlsGetValue
VerifyVersionInfoW
SleepEx
WideCharToMultiByte
VerSetConditionMask
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
LoadLibraryW
GetModuleHandleW
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
CreateWaitableTimerW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
MultiByteToWideChar
FormatMessageW
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
CancelIoEx
QueueUserAPC
LocalFree

user32

MessageBoxW
wsprintfW

msvcp140

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Query_perf_counter
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ

wininet

HttpSendRequestW
InternetConnectA
HttpOpenRequestA
InternetOpenW
InternetReadFile
InternetCloseHandle

ws2_32

ntohl
WSARecv
htonl
htons
WSASend
setsockopt
shutdown
listen
WSASetLastError
WSAStringToAddressW
WSAGetLastError
ntohs
closesocket
bind
WSACleanup
select
accept
WSAStartup
ioctlsocket
inet_ntoa
WSASocketW

mswsock

GetAcceptExSockaddrs
AcceptEx

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
__std_type_info_destroy_list
memcmp
_CxxThrowException
_purecall
__std_type_info_compare
__C_specific_handler
memcpy
memmove
memset
__std_terminate
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_initterm
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
strerror
_beginthreadex
_invalid_parameter_noinfo_noreturn
_crt_atexit
exit
_cexit
_execute_onexit_table
_initterm_e

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

api-ms-win-crt-string-l1-1-0

strcmp
strncpy
tolower
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
fflush
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_gmtime64

api-ms-win-crt-math-l1-1-0

ceilf

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 974KB - Virtual size: 991KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2d663c4f7bb47683d5e8186268c8dfb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 25.7MB - Virtual size: 25.7MB

.reloc Size: 1024B - Virtual size: 748B

625b56a02236681186fe7c78d8a76332

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-1_1-x64

libssl-1_1-x64

kernel32

user32

msvcp140

wininet

ws2_32

mswsock

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 323KB - Virtual size: 322KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 974KB - Virtual size: 991KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 11.9MB - Virtual size: 11.9MB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 25.7MB - Virtual size: 25.7MB

.reloc
Size: 1024B - Virtual size: 748B

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 974KB - Virtual size: 991KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 11.9MB - Virtual size: 11.9MB

.reloc
Size: 1KB - Virtual size: 1KB