ze4rd9[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ze4rd9.rar
Size

130.1MB
MD5

562586c45d24233d2748b2f305ddc27c
SHA1

ce6015c95e0ff6deba517de4b044f403da872f66
SHA256

9969b81c0268460cf724d0c2d3f30ecade0b3d9514e7d1a420f92552d5372063
SHA512

607f1004fe8e191b9cbdb309ebb03ccb1a817a8a9211a8cd740b4b8cc8bfe55b532e3f956a3bb5c17e6a7e420dcf69b7e19f100e85a7b48c2e9f98710662f556
SSDEEP

3145728:9ejQxeyPrqcxR6A5yRyTk2S7B01HpJm5vW7HpoJ5iWeaOAqzPmka4+:IiXnJIRXBKp+vEJoJ5AaNyu6+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dancehits.exe

Files

ze4rd9.rar
.rar
dancehits.exe
.exe windows:4 windows x64 arch:x64

f8249d26a592433be7af944028ea9c84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetCurrentHwProfileA
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW

avrt

AvSetMmThreadCharacteristicsW
AvSetMmThreadPriority

bcrypt

BCryptGenRandom

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertOpenSystemStoreA
CryptBinaryToStringA

dinput8

DirectInput8Create

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory1

gdi32

BitBlt
ChoosePixelFormat
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreatePen
CreatePolygonRgn
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetDIBits
GetDeviceCaps
GetPixel
GetStockObject
GetTextExtentPoint32W
Rectangle
SelectObject
SetPixelFormat
SwapBuffers

imm32

ImmAssociateContext
ImmGetCompositionStringW
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow

iphlpapi

GetAdaptersAddresses
GetBestInterfaceEx

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CloseHandle
CompareFileTime
CompareStringOrdinal
CreateDirectoryW
CreateEventA
CreateFileMappingA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCommandLineW
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDynamicTimeZoneInformation
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetGeoInfoW
GetHandleInformation
GetLargePageMinimum
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetStdHandle
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetThreadContext
GetThreadPriority
GetTickCount64
GetTimeZoneInformation
GetUserDefaultUILanguage
GetUserGeoID
GetVolumeInformationW
GlobalAlloc
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
K32GetPerformanceInfo
K32GetProcessMemoryInfo
LCIDToLocaleName
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
LocaleNameToLCID
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PowerClearRequest
PowerCreateRequest
PowerSetRequest
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetThreadAffinityMask
SetThreadContext
SetThreadIdealProcessor
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_filelengthi64
_fileno
fwprintf
_fmode
_fstat64
_get_osfhandle
_getpid
_gmtime64
_hypot
_initterm
_itoa_s
_lock
_lseeki64
_onexit
_scprintf
_setjmp
_snprintf
_strdup
_stricmp
_time64
_timezone
_tzname
_tzset
_ultoa
_unlock
_vscprintf
_vsnprintf
_vsnprintf_s
_wchdir
_wfopen
_wfsopen
_wgetcwd
_wgetenv
_wrename
_wrmdir
_wstat64
_wunlink
abort
acos
asin
atan
atof
atoi
bsearch
calloc
cosh
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
freopen_s
fseek
fsetpos
ftell
fwrite
getc
getenv
getwc
isalpha
isspace
tanh
iswctype
isxdigit
localeconv
log10
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
perror
printf
putc
putwc
qsort
rand
realloc
remove
setlocale
setvbuf
signal
sinh
srand
strcat
strcat_s
strchr
strcmp
strcoll
strcpy
strcpy_s
strerror
strftime
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
strxfrm
tan
tolower
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcscpy
wcscpy_s
wcsftime
wcslen
wcstol
wcstombs
wcsxfrm
_strtoui64
_strtoi64
_vsnprintf_s
_write
_strdup
_read
_memicmp
_fileno
_fdopen

ntdll

NtQueryInformationFile

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
PropVariantClear

oleaut32

SysAllocString
SysFreeString
VariantInit

shell32

CommandLineToArgvW
DragAcceptFiles
DragQueryFileW
SHCreateItemFromParsingName
SHFileOperationW
SHGetKnownFolderPath
ShellExecuteW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
AllowSetForegroundWindow
CallNextHookEx
CallWindowProcW
ClientToScreen
ClipCursor
CloseClipboard
CloseTouchInputHandle
CreateCaret
CreateIconFromResource
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayMonitors
EnumDisplaySettingsW
FillRect
FlashWindowEx
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDCEx
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetMessageExtraInfo
GetMonitorInfoA
GetMonitorInfoW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSystemMetrics
GetTouchInputInfo
GetUpdateRect
GetWindowDC
GetWindowLongPtrA
GetWindowRect
GetWindowThreadProcessId
IsClipboardFormatAvailable
IsIconic
IsWindow
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
MapVirtualKeyA
MapVirtualKeyExA
MessageBoxW
MonitorFromWindow
MoveWindow
OffsetRect
OpenClipboard
PeekMessageW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatA
RegisterRawInputDevices
RegisterTouchWindow
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetTimer
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
ToUnicodeEx
TrackMouseEvent
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
WindowFromDC
WindowFromPoint

winmm

midiInClose
midiInGetDevCapsA
midiInGetErrorTextA
midiInGetID
midiInGetNumDevs
midiInOpen
midiInStart
midiInStop
timeBeginPeriod
timeEndPeriod

ws2_32

WSAConnect
freeaddrinfo
getaddrinfo
getnameinfo
inet_pton

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
_ZN6embree13TaskScheduler10ThreadPool12startThreadsEv
_ZN6embree13TaskScheduler10ThreadPool3addERKNS_3RefIS0_EE
_ZN6embree13TaskScheduler10ThreadPool6removeERKNS_3RefIS0_EE
_ZN6embree13TaskScheduler10swapThreadEPNS0_6ThreadE
_ZN6embree13TaskScheduler11threadCountEv
_ZN6embree13TaskScheduler11threadIndexEv
_ZN6embree13TaskScheduler12addSchedulerERKNS_3RefIS0_EE
_ZN6embree13TaskScheduler12startThreadsEv
_ZN6embree13TaskScheduler15removeSchedulerERKNS_3RefIS0_EE
_ZN6embree13TaskScheduler16allocThreadIndexEv
_ZN6embree13TaskScheduler4Task3runERNS0_6ThreadE
_ZN6embree13TaskScheduler4waitEv
_ZN6embree13TaskScheduler6threadEv
_ZN6embree13TaskScheduler8instanceEv
_ZN6embree13TaskScheduler8threadIDEv
_ZN6embree13TaskScheduler9TaskQueue13execute_localERNS0_6ThreadEPNS0_4TaskE

Sections

.text
Size: 53.6MB - Virtual size: 53.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

pck
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dancehits.pck
.js

Sharing

General

Malware Config

Signatures

Files

f8249d26a592433be7af944028ea9c84

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

avrt

bcrypt

crypt32

dinput8

dwmapi

dwrite

dxgi

gdi32

imm32

iphlpapi

kernel32

msvcrt

ntdll

ole32

oleaut32

shell32

user32

winmm

ws2_32

wsock32

Exports

Exports

Sections

.text Size: 53.6MB - Virtual size: 53.6MB

.data Size: 301KB - Virtual size: 300KB

.rdata Size: 9.4MB - Virtual size: 9.4MB

pck Size: 512B - Virtual size: 8B

.pdata Size: 1.2MB - Virtual size: 1.2MB

.xdata Size: 1.5MB - Virtual size: 1.5MB

.bss Size: - Virtual size: 1.7MB

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 20KB - Virtual size: 19KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 141KB - Virtual size: 140KB

.reloc Size: 314KB - Virtual size: 313KB

.text
Size: 53.6MB - Virtual size: 53.6MB

.data
Size: 301KB - Virtual size: 300KB

.rdata
Size: 9.4MB - Virtual size: 9.4MB

pck
Size: 512B - Virtual size: 8B

.pdata
Size: 1.2MB - Virtual size: 1.2MB

.xdata
Size: 1.5MB - Virtual size: 1.5MB

.bss
Size: - Virtual size: 1.7MB

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 20KB - Virtual size: 19KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 141KB - Virtual size: 140KB

.reloc
Size: 314KB - Virtual size: 313KB