KOPACZ W TLE BY RAFIX[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

KOPACZ W TLE BY RAFIX.zip
Size

2.9MB
MD5

614ddb0806111ec8d6aada5e376911cb
SHA1

8a23a58bc7edfd2dc0d533b188e5655966de4023
SHA256

47fb87e0a8ce992c4b3dc9458d232c2631ca0f16c7f09ef1bad61aaf32d26852
SHA512

7474f08a4dafb097c03727f2cfb76c04e70ba32c38d3f0b9a694dccc757a92f32d98102b8672b17adb6a46dbf9e6bc35413633fc0d42e82ddb4a06790a803f3c
SSDEEP

49152:DCOnUn8UuXIKMhHQC0oGiBSLFz741+BJE+bjX8ULZRtqHo2CHpkD8q:DCuU89MhHQxlJFzpxjMURq+kDj

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KOPACZ W TLE BY RAFIX (64 bit).exe
unpack001/nieusuwaj.exe

Files

KOPACZ W TLE BY RAFIX.zip
.zip
KOPACZ W TLE BY RAFIX (64 bit).exe
.exe windows:5 windows x64 arch:x64

48e414e431433a62713440d22abb8343

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

gethostbyname

winmm

mixerOpen

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetModuleBaseNameW

wininet

InternetOpenW

user32

GetDC

gdi32

BitBlt

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayGetLBound

Sections

.MPRESS1
Size: 2.3MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
nieusuwaj.exe
.exe windows:5 windows x64 arch:x64

8bdd24038c55ff77490879f5a981813c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

getservbyport
ntohs
inet_addr
htonl
getservbyname
WSASetLastError
htons
WSAGetLastError
gethostbyname
ioctlsocket
gethostbyaddr
gethostname
shutdown
WSACleanup
closesocket
connect
socket
WSAStartup
send
recv
WSAAsyncSelect
inet_ntoa

winmm

waveOutGetVolume
mixerGetLineInfoW
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineControlsW
mixerGetDevCapsW
waveOutSetVolume
mixerClose
mixerOpen
mciSendStringW
joyGetDevCapsW
joyGetPosEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW

psapi

GetModuleBaseNameW
GetProcessImageFileNameW
GetModuleFileNameExW

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetReadFileExA
InternetOpenW

kernel32

GlobalFree
GlobalUnlock
WideCharToMultiByte
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetEnvironmentVariableW
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
GetLastError
LoadLibraryW
GetModuleHandleW
GetVersionExW
DeleteCriticalSection
GetModuleFileNameW
GetFileAttributesW
GetFullPathNameW
GetSystemTimeAsFileTime
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
SetEnvironmentVariableW
Beep
MoveFileW
OutputDebugStringW
CreateProcessW
MultiByteToWideChar
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
GlobalAlloc
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
GetCurrentDirectoryW
CreateDirectoryW
ReadFile
WriteFile
DeleteFileW
CopyFileW
SetFileAttributesW
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetSystemWindowsDirectoryW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalSize
GlobalLock
SetErrorMode
InitializeCriticalSection
GetCPInfo
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
EncodePointer
HeapSize
HeapQueryInformation
GetCommandLineW
GetStartupInfoW
GetOEMCP
IsValidCodePage
FlsGetValue
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
DecodePointer
FlsSetValue
FlsFree
FlsAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
HeapSetInformation
GetVersion
HeapCreate
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RaiseException
RtlPcToFileHeader
SetHandleCount
LCMapStringW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetFilePointer
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetVolumeLabelW
GetProcessHeap

user32

EnableWindow
GetWindowTextLengthW
EnumWindows
IsZoomed
IsIconic
EnumDisplayMonitors
GetMonitorInfoW
RegisterWindowMessageW
GetSysColor
GetSysColorBrush
DrawIconEx
FillRect
DefWindowProcW
SetForegroundWindow
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SetDlgItemTextW
MessageBeep
ClientToScreen
GetCursorInfo
GetLastInputInfo
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
SetMenu
FlashWindow
GetPropW
SetPropW
RemovePropW
MapWindowPoints
RedrawWindow
SetWindowLongPtrW
SetParent
GetClassInfoExW
DefDlgProcW
GetAncestor
UpdateWindow
GetMessagePos
GetClassLongPtrW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
GetWindowLongPtrW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
SetMenuDefaultItem
RemoveMenu
SetMenuItemInfoW
IsMenu
GetMenuItemInfoW
CreateMenu
CreatePopupMenu
SetMenuInfo
AppendMenuW
DestroyMenu
TrackPopupMenuEx
GetDesktopWindow
CopyImage
InvalidateRect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetTopWindow
GetQueueStatus
GetMenu
CheckMenuItem
GetIconInfo
ChangeClipboardChain
SetClipboardViewer
LoadAcceleratorsW
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyIcon
DestroyWindow
IsCharAlphaW
MapVirtualKeyW
VkKeyScanExW
MapVirtualKeyExW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
SetActiveWindow
EnumChildWindows
MoveWindow
GetWindowRect
GetClientRect
SystemParametersInfoW
AdjustWindowRectEx
DrawTextW
CreateIconIndirect
SetRect
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
CharUpperW
IsClipboardFormatAvailable
SetWindowTextW
IsWindowVisible
LoadImageW
BlockInput
UnregisterHotKey

gdi32

GdiFlush
CreateDIBSection
EnumFontFamiliesExW
SetBrushOrgEx
SetBkColor
GetPixel
BitBlt
CreatePatternBrush
SetBkMode
GetCharABCWidthsW
GetClipBox
FillRgn
GetClipRgn
ExcludeClipRect
GetDeviceCaps
DeleteObject
CreateFontW
CreateSolidBrush
CreateDCW
CreateCompatibleBitmap
GetSystemPaletteEntries
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectObject
GetStockObject
SetTextColor

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

advapi32

GetUserNameW
LockServiceDatabase
OpenSCManagerW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
RegConnectRegistryW
UnlockServiceDatabase

shell32

DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
ExtractIconW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayDestroy
GetActiveObject
SysStringLen
SysFreeString
SafeArrayCreate
VariantClear
VariantChangeType
SysAllocString
SafeArrayCopy
VariantCopyInd
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayLock
SafeArrayPtrOfIndex

Sections

.text
Size: 938KB - Virtual size: 938KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
przeczytaj.txt

Sharing

General

Malware Config

Signatures

Files

48e414e431433a62713440d22abb8343

Headers

File Characteristics

Imports

kernel32

wsock32

winmm

version

comctl32

psapi

wininet

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 2.3MB - Virtual size: 6.6MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 32KB - Virtual size: 31KB

8bdd24038c55ff77490879f5a981813c

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 938KB - Virtual size: 938KB

.rdata Size: 208KB - Virtual size: 208KB

.data Size: 20KB - Virtual size: 49KB

.pdata Size: 32KB - Virtual size: 32KB

text Size: 9KB - Virtual size: 9KB

data Size: 28KB - Virtual size: 27KB

.rsrc Size: 38KB - Virtual size: 37KB

.MPRESS1
Size: 2.3MB - Virtual size: 6.6MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 32KB - Virtual size: 31KB

.text
Size: 938KB - Virtual size: 938KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 20KB - Virtual size: 49KB

.pdata
Size: 32KB - Virtual size: 32KB

text
Size: 9KB - Virtual size: 9KB

data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 38KB - Virtual size: 37KB