zcb3[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

zcb3.exe
Size

10.8MB
MD5

0c7654da066cf76d1a0e781ccdd01348
SHA1

0afd51e370a2e7abd2c2a7f332733d7c5c0a5733
SHA256

6e11807d340f64fd0e20be36c2feffa16a6161f68927c962c7878fec5fdf4409
SHA512

d0ec9c0553ba30da3076b367ba760843884405f8e480a9ee2a8b3512225062e20d68c360eda0ffa9e07778fcf69c596a473242c61aa413f40857e4acad5370ed
SSDEEP

98304:ERtH0s/dX8SwRmoIxPrUTJe1nIqXW6ebem9VSbQuF9rUGDrp:zQPhbY9Verp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zcb3.exe

Files

zcb3.exe
.exe windows:6 windows x64 arch:x64

Password: infected

b8efbd8980c5aca5c703474e5d6f1ebc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
NtWriteFile
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
RtlNtStatusToDosError
NtReadFile

kernel32

SwitchToThread
SetConsoleMode
GetProcAddress
GetConsoleMode
ReleaseSRWLockExclusive
HeapReAlloc
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
AcquireSRWLockShared
ReleaseSRWLockShared
FreeConsole
GlobalLock
GlobalSize
GetConsoleScreenBufferInfo
GetStdHandle
SetFilePointerEx
MultiByteToWideChar
GlobalAlloc
SetThreadStackGuarantee
AddVectoredExceptionHandler
GlobalFree
IsProcessorFeaturePresent
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
AcquireSRWLockExclusive
SetConsoleTextAttribute
Sleep
WakeAllConditionVariable
FindClose
TryAcquireSRWLockExclusive
FreeLibrary
SetThreadErrorMode
LoadLibraryExW
LoadLibraryW
GlobalUnlock
WaitForSingleObject
FindNextFileW
SetHandleInformation
CopyFileExW
MoveFileExW
GetSystemTimeAsFileTime
WriteFileEx
GetSystemInfo
GetFileType
GetFileInformationByHandleEx
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetModuleHandleA
CloseHandle
HeapAlloc
SleepConditionVariableSRW
WakeConditionVariable
GetProcessHeap
HeapFree
GetCurrentThread
WriteConsoleW
QueryPerformanceFrequency
SleepEx
ReadFileEx
CreateThread
CreateNamedPipeW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetFileAttributesW
CreateWaitableTimerExW
SetWaitableTimer
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
DuplicateHandle
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileW
CreateDirectoryW
GetFinalPathNameByHandleW
WaitForSingleObjectEx
GetFullPathNameW
GetFileInformationByHandle
GetTempPathW
GetEnvironmentVariableW
ReleaseMutex
SetLastError
CreateMutexA
GetModuleFileNameW
GetCommandLineW
GetCurrentProcessId
DeleteFileW
LocalFree
CreateProcessA
ExitProcess
CreateFileW
GetCurrentProcess
LoadLibraryA

crypt32

CertFreeCertificateContext
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertOpenStore
CertCloseStore

user32

EnableMenuItem
GetWindowLongW
AdjustWindowRectEx
GetClipCursor
ClipCursor
GetSystemMenu
GetClassInfoExW
GetClassNameW
FlashWindowEx
DefWindowProcW
ShowWindow
ShowCursor
ClientToScreen
GetForegroundWindow
SetWindowTextW
SetCursorPos
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
GetWindowTextW
GetWindowTextLengthW
CreateIcon
RegisterWindowMessageA
SetPropW
GetWindowRect
SetClipboardData
EmptyClipboard
SystemParametersInfoA
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
SetWindowLongPtrW
GetRawInputData
DispatchMessageW
TranslateMessage
KillTimer
SetTimer
GetMessageW
RegisterRawInputDevices
GetPropW
CallWindowProcW
SetWindowLongW
EnumDisplayMonitors
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
ReleaseCapture
SetCapture
MonitorFromRect
ValidateRect
LoadCursorW
DestroyWindow
GetMenu
SetCursor
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
RedrawWindow
IsProcessDPIAware
GetKeyboardState
InvalidateRgn
SetWindowPos
SetForegroundWindow
SendInput
MapVirtualKeyW
MonitorFromWindow
GetKeyState
GetAsyncKeyState
RemovePropW
OpenClipboard
RegisterTouchWindow
SetWindowDisplayAffinity
PeekMessageW
PostMessageW
CreateWindowExW
RegisterClassExW
MonitorFromPoint
GetDC
GetWindowLongPtrW
CreateIconFromResourceEx
IsIconic
GetClientRect
SendMessageW
GetSystemMetrics
GetActiveWindow
ReleaseDC
DestroyIcon

oleaut32

SysAllocStringLen
SysFreeString
SafeArrayCreateVector
SafeArrayPutElement
SetErrorInfo
GetErrorInfo
SysStringLen

uiautomationcore

UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd
UiaLookupId

opengl32

wglDeleteContext
wglMakeCurrent
wglCreateContext
wglGetCurrentDC
wglShareLists
wglGetProcAddress
wglGetCurrentContext

gdi32

CreateRectRgn
SetPixelFormat
SwapBuffers
DeleteObject
DescribePixelFormat
GetDeviceCaps
ChoosePixelFormat

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmGetContext
ImmGetCompositionStringW
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmAssociateContextEx

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
RegisterDragDrop
CoTaskMemFree
OleInitialize
RevokeDragDrop

shlwapi

AssocQueryStringW

ws2_32

setsockopt
closesocket
getsockname
WSAGetLastError
shutdown
WSASocketW
getpeername
ioctlsocket
recv
WSACleanup
send
WSAStartup
freeaddrinfo
WSASend
getaddrinfo
bind
connect
getsockopt
WSAIoctl

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

secur32

FreeCredentialsHandle
DeleteSecurityContext
AcceptSecurityContext
AcquireCredentialsHandleA
EncryptMessage
FreeContextBuffer
InitializeSecurityContextW
QueryContextAttributesW
ApplyControlToken
DecryptMessage

shell32

CommandLineToArgvW
SHCreateItemFromParsingName
DragFinish
DragQueryFileW

uxtheme

SetWindowTheme

vcruntime140

memmove
memset
memcpy
__CxxFrameHandler3
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
memcmp

api-ms-win-crt-math-l1-1-0

atan2f
cosf
_hypotf
sinf
cosh
log10
log2
sinh
truncf
expf
acosf
fmodf
powf
_hypot
cbrtf
exp2f
atan
sin
exp2
acos
__setusermatherr
ceil
tan
ceilf
floorf
trunc
fmod
tanh
pow
log
round
asin
cos
floor
roundf
log1p

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-convert-l1-1-0

_wtoi64

api-ms-win-crt-runtime-l1-1-0

_cexit
__p___argv
__p___argc
_c_exit
_register_thread_local_exe_atexit_callback
_exit
terminate
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_crt_atexit
_initialize_onexit_table
_register_onexit_function
_set_app_type
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b8efbd8980c5aca5c703474e5d6f1ebc

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

crypt32

user32

oleaut32

uiautomationcore

opengl32

gdi32

dwmapi

imm32

ole32

shlwapi

ws2_32

bcrypt

advapi32

secur32

shell32

uxtheme

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 7.1MB - Virtual size: 7.1MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 3KB - Virtual size: 583KB

.pdata Size: 228KB - Virtual size: 228KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 30KB - Virtual size: 30KB

.text
Size: 7.1MB - Virtual size: 7.1MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 3KB - Virtual size: 583KB

.pdata
Size: 228KB - Virtual size: 228KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 30KB - Virtual size: 30KB