Boostz-1[.]9-stable[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Boostz-1.9-stable.zip
Size

28.5MB
MD5

a22f8db6e6f34d8cee9903e904bd8a93
SHA1

1f1994e08375820c5c9bf0092fedebf1ea02b13d
SHA256

9ab4c79df7f87f3cf0328145d5e3064ff7109ec94ebd439627e3ae06c9f5ea30
SHA512

f0f4a4a512be4a5627a8b481e2526ff44a5ad3f2e9433c539bca03f5aeb5212d1b353be9a2b323cd88ab56f9234f37514e656a911dd991d9e6f621f3d32c7bbc
SSDEEP

786432:eTM5Fb3DQW45MTkJ+arnMjM7nVhoJ1QVemzVuKc8nWmN:QENk0T3arnt7/oJ1QVegVRc8nrN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/boostzr.exe

Files

Boostz-1.9-stable.zip
.zip

Password: infected
boostzr.exe
.exe windows:6 windows x64 arch:x64

Password: infected

b2c1d56adb58f6a1074f417735626eb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RaiseException
FreeLibrary
SetErrorMode
RaiseFailFastException
GetExitCodeProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
MultiByteToWideChar
GetTickCount
FlushInstructionCache
QueryPerformanceFrequency
QueryPerformanceCounter
RtlLookupFunctionEntry
LocateXStateFeature
RtlDeleteFunctionTable
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetTickCount64
DuplicateHandle
QueueUserAPC
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
GetCurrentThreadId
TlsAlloc
GetCurrentThread
GetCurrentProcessId
CreateThread
GetModuleHandleW
WaitForMultipleObjectsEx
SignalObjectAndWait
RtlCaptureContext
SetThreadStackGuarantee
VirtualQuery
WriteFile
GetStdHandle
GetConsoleOutputCP
MapViewOfFileEx
UnmapViewOfFile
GetStringTypeExW
InterlockedPopEntrySList
ExitProcess
Sleep
CreateMemoryResourceNotification
VirtualAlloc
VirtualFree
VirtualProtect
SleepEx
SwitchToThread
SuspendThread
ResumeThread
InitializeContext
SetXStateFeaturesMask
RtlRestoreContext
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
ReadFile
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateEventW
SetEvent
ResetEvent
GetThreadContext
SetThreadContext
GetEnabledXStateFeatures
CopyContext
WerRegisterRuntimeExceptionModule
RtlInstallFunctionTableCallback
GetSystemDefaultLCID
GetUserDefaultLCID
RtlUnwind
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
CreateSemaphoreExW
ReleaseSemaphore
GetACP
LCMapStringEx
LocalFree
VerSetConditionMask
VerifyVersionInfoW
QueryThreadCycleTime
GetLogicalProcessorInformationEx
SetThreadGroupAffinity
GetThreadGroupAffinity
GetProcessGroupAffinity
GetCurrentProcessorNumberEx
GetProcessAffinityMask
QueryInformationJobObject
CreateFileMappingW
GetSystemTimeAsFileTime
GetModuleFileNameW
CreateProcessW
GetCPInfo
CloseHandle
GetTempPathW
LoadLibraryExW
CreateFileW
GetFileAttributesExW
GetFullPathNameW
LoadLibraryExA
OutputDebugStringA
OpenEventW
ReleaseMutex
ExitThread
CreateMutexW
HeapReAlloc
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
CreateFileA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
FlushFileBuffers
SetFilePointer
MapViewOfFile
GetActiveProcessorGroupCount
GetSystemTime
SetConsoleCtrlHandler
GetLocaleInfoEx
GetUserDefaultLocaleName
RtlAddFunctionTable
LoadLibraryW
CreateDirectoryW
RemoveDirectoryW
CreateActCtxW
ActivateActCtx
FindResourceW
GetWindowsDirectoryW
GetFileSizeEx
FindFirstFileExW
FindNextFileW
FindClose
LoadLibraryA
GetCurrentDirectoryW
IsWow64Process
EncodePointer
DecodePointer
CreateFileMappingA
TlsSetValue
TlsGetValue
GetSystemInfo
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
GetProcAddress
GetModuleHandleExW
SetThreadErrorMode
WideCharToMultiByte
FlushProcessWriteBuffers
SetLastError
DebugBreak
WaitForSingleObject
GetNumaHighestNodeNumber
SetThreadAffinityMask
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
VirtualAllocExNuma
GetNumaProcessorNodeEx
VirtualUnlock
GetLargePageMinimum
IsProcessInJob
K32GetProcessMemoryInfo
GetLogicalProcessorInformation
GlobalMemoryStatusEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlVirtualUnwind
IsProcessorFeaturePresent
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsFree
RtlPcToFileHeader
InitializeConditionVariable
WakeConditionVariable
TryAcquireSRWLockExclusive
GetExitCodeThread
GetStringTypeW
InitializeCriticalSectionEx
GetLastError

advapi32

GetSidSubAuthority
AdjustTokenPrivileges
RegGetValueW
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
SetThreadToken
RevertToSelf
OpenThreadToken
EventWriteTransfer
EventWrite
LookupPrivilegeValueW

ole32

CreateStreamOnHGlobal
CoRevokeInitializeSpy
CoGetClassObject
CoGetContextToken
CoGetObjectContext
CoUnmarshalInterface
CoMarshalInterface
CoGetMarshalSizeMax
CLSIDFromProgID
CoReleaseMarshalData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitializeEx
CoRegisterInitializeSpy
CoWaitForMultipleHandles
CoUninitialize
CoCreateFreeThreadedMarshaler

oleaut32

GetRecordInfoFromTypeInfo
VariantInit
VariantClear
SafeArrayAllocDescriptorEx
SafeArraySetRecordInfo
VariantChangeTypeEx
VariantChangeType
SafeArrayGetVartype
SafeArrayAllocData
SysFreeString
GetErrorInfo
SafeArrayGetElemsize
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SafeArrayCreateVector
SysAllocStringLen
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
LoadTypeLibEx
QueryPathOfRegTypeLi
SafeArrayDestroy
VarCyFromDec
SafeArrayGetLBound
SafeArrayGetDim

user32

LoadStringW
MessageBoxW

shell32

ShellExecuteW

api-ms-win-crt-string-l1-1-0

strncat_s
wcsncat_s
strcmp
wcsnlen
wcscat_s
towupper
iswascii
_strdup
strnlen
strncpy
wcstok_s
isdigit
isalpha
towlower
isupper
iswupper
iswspace
_wcsdup
strtok_s
islower
_wcsnicmp
strcspn
__strncnt
strlen
wcscpy_s
toupper
wcsncpy_s
_wcsicmp
strcpy_s
strcat_s
_strnicmp
tolower
wcsncmp
isspace
strncmp
_stricmp
strncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf_s
fflush
__stdio_common_vfprintf
__stdio_common_vswprintf
__stdio_common_vfwprintf
fputws
fputwc
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fgetpos
fgets
fgetc
fputc
_wfsopen
_wfopen
__p__commode
_set_fmode
setvbuf
_setmode
_dup
_fileno
ftell
fseek
__stdio_common_vsnprintf_s
fputs
__acrt_iob_func
__stdio_common_vsnwprintf_s
fwrite
_flushall
fopen
fclose

api-ms-win-crt-runtime-l1-1-0

_get_initial_wide_environment
_initterm
_initterm_e
_exit
_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_set_app_type
_beginthreadex
terminate
_controlfp_s
_wcserror_s
_invalid_parameter_noinfo
_seh_filter_exe
_cexit
_errno
_initialize_wide_environment
abort
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit

api-ms-win-crt-convert-l1-1-0

_ltow_s
atol
wcstoul
_wcstoui64
strtoull
_atoi64
strtoul
_itow_s
_wtoi

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
realloc
malloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

cbrtf
atanhf
asinhf
asinh
cbrt
acosh
_fdopen
atanh
fmaf
_copysignf
_isnanf
trunc
truncf
ilogb
ilogbf
fma
floorf
_copysign
_isnan
_finite
frexp
modf
modff
acos
acosf
asin
asinf
atan
atan2
tanhf
atan2f
fmod
fmodf
log
log10
atanf
log10f
log2
log2f
logf
pow
powf
sin
sinf
sinh
sinhf
sqrt
ceil
ceilf
sqrtf
tan
tanf
tanh
cos
cosf
acoshf
cosh
coshf
exp
expf
__setusermatherr
floor

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s
wcsftime

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_unlock_locales
___lc_locale_name_func
localeconv
_lock_locales
_configthreadlocale
___lc_codepage_func
__pctype_func
___mb_cur_max_func
setlocale

api-ms-win-crt-filesystem-l1-1-0

_wrename
_lock_file
_unlock_file
_wremove

Exports

Exports

CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics
g_dacTable

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CLR_UEF
Size: 512B - Virtual size: 221B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Section
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
boostzr.pdb

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

b2c1d56adb58f6a1074f417735626eb2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

user32

shell32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.CLR_UEF Size: 512B - Virtual size: 221B

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 38KB - Virtual size: 128KB

.pdata Size: 222KB - Virtual size: 221KB

.didat Size: 512B - Virtual size: 56B

Section Size: 512B - Virtual size: 8B

_RDATA Size: 77KB - Virtual size: 77KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.CLR_UEF
Size: 512B - Virtual size: 221B

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 38KB - Virtual size: 128KB

.pdata
Size: 222KB - Virtual size: 221KB

.didat
Size: 512B - Virtual size: 56B

Section
Size: 512B - Virtual size: 8B

_RDATA
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 32KB - Virtual size: 31KB