v2[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

v2.zip
Size

468KB
MD5

12a75ec841deed95b1ac5fcaca41e514
SHA1

67df96e5758875f8f7fbb2519e73e53bdff6941e
SHA256

1220de8d4c0904af9b663ab178e31d6d1548e7328bbd4a62e4b91cd4288c320d
SHA512

5b032ff58d95af7c273835e4cd359f11c34dcde4dc4fbec342488e2356ff6d69d790e6f99f68d9aa17b9021e5e05316a460faa82a6155ed19d2383a227556761
SSDEEP

12288:3G21/htndKz+YbtaBCcKr+wPPZ+hlIhj6U+xRNyIq:22RndKzWBCT/Ph+hlmGzyL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/v2/bongo cat.exe

Files

v2.zip
.zip
v2/bongo cat.exe
.exe windows:6 windows x86 arch:x86

1c5ed8c4da7a754a576887f6eab3b8a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hamis\Desktop\neko\bongo cat\Release\bongo cat.pdb

Imports

opengl32

wglMakeCurrent
wglGetProcAddress
glFlush
wglDeleteContext
wglCreateContext
glIsEnabled
glGetString
glGetError
glVertexPointer
glTexCoordPointer
glEnableClientState
glDrawArrays
glDisableClientState
glColorPointer
glViewport
wglShareLists
glEnable
glDisable
glClearColor
glClear
glBlendFunc
glTexSubImage2D
glGenTextures
glDeleteTextures
glBindTexture
glTexParameteri
glTexImage2D
glMatrixMode
glLoadMatrixf
glLoadIdentity
glGetIntegerv

winmm

timeGetDevCaps
timeBeginPeriod
joyGetDevCapsW
joyGetPosEx
timeEndPeriod

gdi32

DescribePixelFormat
ChoosePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps
GetPixelFormat

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
GetVersion
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
LoadLibraryA
LoadLibraryW
FreeLibrary
FormatMessageW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLastError
GetCurrentProcess
UnhandledExceptionFilter
IsProcessorFeaturePresent
CreateEventW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
LocalFree

user32

ChangeDisplaySettingsW
DestroyIcon
CreateIcon
GetWindowThreadProcessId
SetWindowLongW
GetWindowLongW
ClipCursor
MapWindowPoints
ScreenToClient
SetCursor
ShowCursor
AdjustWindowRect
GetClientRect
SetWindowTextW
SetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
SetWindowPos
FlashWindowEx
CreateWindowExW
UnregisterClassW
RegisterClassW
CallWindowProcW
DefWindowProcW
RegisterDeviceNotificationW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
ReleaseDC
ShowWindow
DestroyWindow
CreateWindowExA
LoadCursorW
GetDC
EnumDisplaySettingsW
GetKeyState
GetCursorPos
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetWindowRect
GetDesktopWindow
TrackMouseEvent

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@_W@std@@QBED_WD@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_BADOFF@std@@3_JB
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Strcoll
_Strxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

vcruntime140

_except_handler4_common
memset
memmove
_CxxThrowException
memcpy
_purecall
__std_exception_destroy
__std_exception_copy
strchr
__std_terminate
__CxxFrameHandler3
strstr
memchr

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_seh_filter_exe
terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_narrow_winmain_command_line
_errno
_initterm_e
exit
_exit
_controlfp_s
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_initterm
_initialize_onexit_table
_register_onexit_function
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
_set_new_mode
realloc

api-ms-win-crt-convert-l1-1-0

strtof
strtol

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__acrt_iob_func
fseek
feof
fopen_s
fflush
_get_stream_buffer_pointers
ungetc
fputc
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fclose

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
__setusermatherr
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sqrt_precise
_except1
ldexp

api-ms-win-crt-string-l1-1-0

isdigit
strncmp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
v2/left.png
.png
v2/mouse.png
.png
v2/mousebg.png
.png
v2/right.png
.png
v2/settings.txt
v2/tablet.png
.png
v2/tabletbg.png
.png
v2/up.png
.png

Sharing

General

Malware Config

Signatures

Files

1c5ed8c4da7a754a576887f6eab3b8a7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

opengl32

winmm

gdi32

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 206KB - Virtual size: 206KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 3KB - Virtual size: 14KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 206KB - Virtual size: 206KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 10KB - Virtual size: 9KB