APKs[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

APKs.zip
Size

3.9MB
MD5

a260e440eeac11a96926b4621ab56dca
SHA1

6e6a3655493e9576ef64cdc978037452807aafb9
SHA256

5bee746bec0dcfd68efade6a8683a5f605b9b63fcc26fb85934709d489456c75
SHA512

dacc13b336b3ad3f7ee28b6d17bd14b0efecd3a3fd77635bedcf08355ee5677d6ffa0fed9583b3b890532f3a568dc8a1ffd6c6668c3950de97ea12944b96bfc5
SSDEEP

98304:9JbIjw/f/euTlOrag7fIHyIrK9zkOju8fs0G9rxUfS5JuFyIHF9Ld6:9Sjw/f/VoH7f7IOy8hGjbub9Ls

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5292be813828a59187111a0fd3c989fcfe0b7c893061340c00e246443a1e31db

Files

APKs.zip
.zip
5292be813828a59187111a0fd3c989fcfe0b7c893061340c00e246443a1e31db
.exe windows:4 windows x64 arch:x64

f427a79d26b1bd327d2b8af9a150d6fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
MultiByteToWideChar
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_ismbblead
_lock
_onexit
_setjmp
_stricmp
_time64
_ultoa
_unlock
_wcslwr_s
abort
atoi
calloc
exit
fprintf
fputc
fputs
free
fwrite
getenv
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
rand
realloc
signal
strchr
strcmp
strerror
strlen
strncmp
strtoul
vfprintf
wcscpy_s
wcslen
_strdup
_read

shell32

CommandLineToArgvW

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.CRT
.data
.eh_fram
.idata
.pdata
.rdata
.reloc
.rsrc/1024/7Z/1
.rsrc/1033/DIALOG/105
.rsrc/1033/DIALOG/106
.rsrc/1033/DIALOG/111
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/ICON/4.ico
.rsrc/1033/ICON/5.ico
.rsrc/1033/ICON/6.ico
.rsrc/1033/ICON/7
.png
.rsrc/1033/MANIFEST/1
.xml
.rsrc/1033/version.txt
.rsrc_1
.text
.tls
.xdata
b136a1d9125f4a74e114db030877ddb72476c6aeb0ea5141a4bce5e37cec0839
.sys windows:10 windows x64 arch:x64

ce10082e1aa4c1c2bd953b4a7208e56a

Code Sign

54:87:1d:9a:b3:8d:19:02:c3:21:15:f4:c0:79:7e:a2
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

07/01/2014, 00:00

Not After

07/01/2015, 23:59

Subject

CN=Shenzhen Jinxian Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen Jinxian Technology Co.\, Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:eb:06:43:df:24:d6:80:58:dd:48:9a:fc:0d:90:41:28:32:ba:9e
Signer

Actual PE Digest

42:eb:06:43:df:24:d6:80:58:dd:48:9a:fc:0d:90:41:28:32:ba:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeInitializeEvent
ExAllocatePool
NtQuerySystemInformation
ExFreePoolWithTag
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
KeQueryActiveProcessors
KeSetSystemAffinityThread
KeRevertToUserAffinityThread
DbgPrint

hal

HalReturnToFirmware
KeQueryPerformanceCounter

Sections

.text
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.?0h
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d&+
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.&#X
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f427a79d26b1bd327d2b8af9a150d6fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shell32

Sections

.text Size: 232KB - Virtual size: 232KB

.data Size: 46KB - Virtual size: 46KB

.rdata Size: 15KB - Virtual size: 14KB

.eh_fram Size: 512B - Virtual size: 4B

.pdata Size: 12KB - Virtual size: 11KB

.xdata Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 3KB

.idata Size: 4KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 936B

.rsrc Size: 1.7MB - Virtual size: 1.7MB

ce10082e1aa4c1c2bd953b4a7208e56a

Code Sign

54:87:1d:9a:b3:8d:19:02:c3:21:15:f4:c0:79:7e:a2Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

42:eb:06:43:df:24:d6:80:58:dd:48:9a:fc:0d:90:41:28:32:ba:9eSigner

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: - Virtual size: 9KB

.rdata Size: - Virtual size: 1KB

.data Size: - Virtual size: 120B

.pdata Size: - Virtual size: 408B

INIT Size: - Virtual size: 1KB

.?0h Size: - Virtual size: 1.2MB

.d&+ Size: 1024B - Virtual size: 640B

.&#X Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 512B - Virtual size: 124B

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 232KB - Virtual size: 232KB

.data
Size: 46KB - Virtual size: 46KB

.rdata
Size: 15KB - Virtual size: 14KB

.eh_fram
Size: 512B - Virtual size: 4B

.pdata
Size: 12KB - Virtual size: 11KB

.xdata
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 936B

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

54:87:1d:9a:b3:8d:19:02:c3:21:15:f4:c0:79:7e:a2
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

42:eb:06:43:df:24:d6:80:58:dd:48:9a:fc:0d:90:41:28:32:ba:9e
Signer

.text
Size: - Virtual size: 9KB

.rdata
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 120B

.pdata
Size: - Virtual size: 408B

INIT
Size: - Virtual size: 1KB

.?0h
Size: - Virtual size: 1.2MB

.d&+
Size: 1024B - Virtual size: 640B

.&#X
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 512B - Virtual size: 124B

.rsrc
Size: 4KB - Virtual size: 4KB