Static task: static1

General
Target: TZX.exe
Size: 4.5MB
MD5: efa7c57d4ec65f2fb684d97f130e6d91
SHA1: c577e8f6103aa9705de18032d0bf6535a681f07d
SHA256: c7bdd4e38dcd123c3e777f170f04b46fbdbe18b35aa3f9e0c99d2b4b172e809e
SHA512: c961e97e507e81f1fa449de3886fb1c311ed0a3d9ce43c7d4347a06ca6d6f99912c22a50e0d18649d03b3662a51ab14666c3e825b1f35a01b717357b76bc107d
SSDEEP: 49152:LKOKly0gBYXwxLPmjW80ZY1iJkjWIQ7/3FEm8PwLiRs3viacHSvBS/B+mSmTeSem:yCvum5iysT
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This reports only that the file carries no embedded Authenticode signature; a static check of this kind sees the file alone, so a catalog signature would not be found either way, and the absence of a signature is not by itself evidence of malicious intent.
resource: TZX.exe
Files
-
TZX.exe.exe windows:6 windows x64 arch:x64
fcf1863658a8c27f3b22aa5684fd33fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDevice
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwind
RtlUnwindEx
RtlPcToFileHeader
VerSetConditionMask
ws2_32
getsockopt
send
WSACloseEvent
ioctlsocket
gethostname
getpeername
recv
connect
select
__WSAFDIsSet
htonl
WSAIoctl
setsockopt
freeaddrinfo
getaddrinfo
listen
getsockname
accept
sendto
recvfrom
bind
socket
htons
inet_pton
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
crypt32
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
advapi32
CryptHashData
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
OpenProcessToken
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
kernel32
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFilePointerEx
ExitProcess
WriteFile
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
OutputDebugStringW
SetStdHandle
SetEndOfFile
SetEnvironmentVariableW
HeapSize
FlsSetValue
FlsFree
GetCurrentProcess
GetLastError
CloseHandle
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetModuleHandleA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetProcessId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetModuleFileNameW
GetSystemDirectoryW
GetModuleHandleW
LoadLibraryW
GetEnvironmentVariableA
SetLastError
FormatMessageW
Sleep
MoveFileExW
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetCurrentProcessId
WaitForSingleObjectEx
SleepEx
VerifyVersionInfoW
CreateFileW
GetFileSizeEx
FlsGetValue
InitializeCriticalSectionAndSpinCount
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
LCMapStringEx
DecodePointer
EncodePointer
LocalFree
FlsAlloc
WriteConsoleW
CreateThread
ExitThread
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
FreeLibraryAndExitThread
GetFileAttributesExW
GetDriveTypeW
DeleteCriticalSection
GetFileInformationByHandle
WideCharToMultiByte
GetCurrentDirectoryW
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
GetFullPathNameW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SwitchToThread
GetCurrentThreadId
GetExitCodeThread
GetNativeSystemInfo
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RaiseException
InitOnceComplete
InitOnceBeginInitialize
IsProcessorFeaturePresent
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
user32
GetClipboardData
GetMessageExtraInfo
EmptyClipboard
CloseClipboard
DefWindowProcW
DestroyWindow
MessageBoxA
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
SetClipboardData
ole32
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
oleaut32
SysAllocString
SysFreeString
imm32
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
d3dcompiler_47
D3DCompile
bcrypt
BCryptGenRandom
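The Imports list above is raw API names; the next triage step is to group them into capabilities and discount the ones the compiler adds on its own. The block below is an added example with the editor's own heuristics, not code from the report or from the sample's author. It takes a subset of the import table transcribed from the list above, applies co-occurrence rules so that a single API does not fire a tag by itself, and treats IsDebuggerPresent as MSVC CRT start-up noise when the usual __scrt_ companions (GetStartupInfoW, InitializeSListHead, SetUnhandledExceptionFilter and friends) are also imported, which they are here. An imphash routine is included because an import hash is the standard pivot for a table like this; the report does not label its own import-hash field, so nothing is compared against it. The tag names are the editor's.

```python
"""Capability triage over a Windows import table (added example, editor's heuristics)."""
import hashlib

# Transcribed from the report's Imports list, abridged to what the rules need (constructed subset).
IMPORTS = {
    "ws2_32": ["socket", "bind", "listen", "accept", "connect", "send", "recv",
               "getaddrinfo", "WSAStartup", "WSAEventSelect"],
    "crypt32": ["CertOpenStore", "CertGetCertificateChain", "PFXImportCertStore",
                "CertFindCertificateInStore", "CryptQueryObject"],
    "advapi32": ["CryptAcquireContextW", "CryptImportKey", "CryptEncrypt",
                 "CryptCreateHash", "CryptHashData", "OpenProcessToken",
                 "LookupPrivilegeValueA", "AdjustTokenPrivileges"],
    "kernel32": ["IsDebuggerPresent", "SetUnhandledExceptionFilter",
                 "UnhandledExceptionFilter", "GetStartupInfoW", "InitializeSListHead",
                 "IsProcessorFeaturePresent", "TerminateProcess", "CreateThread",
                 "FindFirstFileExW", "DeleteFileW", "MoveFileExW"],
    "user32": ["OpenClipboard", "GetClipboardData", "SetClipboardData",
               "EmptyClipboard", "CloseClipboard"],
    "ole32": ["CoInitializeEx", "CoInitializeSecurity", "CoSetProxyBlanket",
              "CoCreateInstance"],
    "bcrypt": ["BCryptGenRandom"],
}

# Each rule: (tag, dll, functions that must ALL be present). Requiring
# co-occurrence keeps a lone CRT or GUI import from producing a capability tag.
RULES = [
    ("net:listener",        "ws2_32",   {"socket", "bind", "listen", "accept"}),
    ("net:client",          "ws2_32",   {"socket", "connect", "send", "recv"}),
    ("net:name-resolution", "ws2_32",   {"getaddrinfo"}),
    ("crypto:capi-encrypt", "advapi32", {"CryptAcquireContextW", "CryptImportKey", "CryptEncrypt"}),
    ("crypto:capi-hash",    "advapi32", {"CryptCreateHash", "CryptHashData"}),
    ("cert:store-access",   "crypt32",  {"CertOpenStore", "CertFindCertificateInStore"}),
    ("cert:pfx-import",     "crypt32",  {"PFXImportCertStore"}),
    ("token:adjust-privs",  "advapi32", {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"}),
    ("clipboard:read",      "user32",   {"OpenClipboard", "GetClipboardData"}),
    ("clipboard:write",     "user32",   {"OpenClipboard", "SetClipboardData"}),
    ("com:proxy-blanket",   "ole32",    {"CoInitializeSecurity", "CoSetProxyBlanket", "CoCreateInstance"}),
    ("file:enumerate",      "kernel32", {"FindFirstFileExW"}),
    ("file:delete-or-move", "kernel32", {"DeleteFileW", "MoveFileExW"}),
    ("anti-debug:api",      "kernel32", {"IsDebuggerPresent"}),
]

# The MSVC CRT start-up code (__scrt_*) imports these by itself. When all of them are
# present, IsDebuggerPresent is most likely CRT noise rather than deliberate anti-debugging.
CRT_STARTUP = {"SetUnhandledExceptionFilter", "UnhandledExceptionFilter", "GetStartupInfoW",
               "InitializeSListHead", "IsProcessorFeaturePresent", "TerminateProcess"}


def _strip_dll(name):
    """Lower-case a module name and drop the extension, as import hashes do."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def triage(imports):
    """Return sorted capability tags; IsDebuggerPresent is downgraded when it looks like CRT noise."""
    table = {_strip_dll(dll): set(funcs) for dll, funcs in imports.items()}
    tags = {tag for tag, dll, needed in RULES if needed <= table.get(dll, set())}
    if "anti-debug:api" in tags and CRT_STARTUP <= table.get("kernel32", set()):
        tags.discard("anti-debug:api")
        tags.add("anti-debug:api(crt-noise)")
    return sorted(tags)


def imphash(imports):
    """Mandiant-style import hash: MD5 over 'dll.func' pairs in import-table order.
    Ordinal-only imports (which the real algorithm resolves by name) are not handled here."""
    parts = [f"{_strip_dll(dll)}.{func.lower()}" for dll, funcs in imports.items() for func in funcs]
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for tag in triage(IMPORTS):
        print(tag)
    print("imphash over the transcribed subset:", imphash(IMPORTS))
```

Two things the output makes visible that the flat list does not: the socket imports cover both a listening and a connecting role, and the token/privilege trio is present as a complete set rather than as stray names.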
Sections
.text Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 670KB - Virtual size: 669KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
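The Headers and Sections parts of the report are decoded bit fields from the COFF header, the PE32+ optional header and the section table. The block below is an added example, not code from the report or from the sample's author: it builds a constructed PE32+ header in memory whose flag values mirror the report (x64, EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE, HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT | TERMINAL_SERVER_AWARE, and the five section flag sets listed above; the section sizes are made up), parses it back with the standard library only, and runs two checks a reviewer wants from these fields: which exploit mitigations the image opts into (ASLR needs DYNAMIC_BASE plus relocations; 64-bit high-entropy ASLR additionally needs LARGE_ADDRESS_AWARE; CFG is absent here) and whether any section is both writable and executable. The same parser works on a real file read from disk.

```python
"""Decode PE header flag fields the way the report's Headers/Sections blocks do (added example)."""
import struct

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def decode(value, table):
    """Names of the set bits in bit order; bits not in the table are reported as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    return names + ([f"UNKNOWN(0x{unknown:x})"] if unknown else [])


def build_pe64(file_chars, dll_chars, sections):
    """Constructed minimal PE32+ image header: DOS stub, 'PE\\0\\0', COFF, optional header, section table."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, file_chars)
    opt = bytearray(240)                                                   # PE32+ optional header
    struct.pack_into("<H", opt, 0, 0x20B)                                  # Magic: PE32+
    struct.pack_into("<Q", opt, 24, 0x140000000)                           # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                        # Section/File alignment
    struct.pack_into("<HH", opt, 68, 2, dll_chars)                         # Subsystem GUI, DllCharacteristics
    struct.pack_into("<I", opt, 108, 16)                                   # NumberOfRvaAndSizes
    table = b"".join(struct.pack(SECTION_FMT, name.encode(), vsize, rva, rsize, raw, 0, 0, 0, 0, chars)
                     for name, vsize, rva, rsize, raw, chars in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Walk DOS -> PE signature -> COFF -> optional header -> section table and decode the flag fields."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    if struct.unpack_from("<H", data, opt_off)[0] != 0x20B:
        raise ValueError("only PE32+ (64-bit) images are handled here")
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]
    sections = []
    for i in range(nsec):
        name, vsize, _, rsize, _, *_, chars = struct.unpack_from(SECTION_FMT, data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rsize, "flags": decode(chars, SECTION_CHARACTERISTICS)})
    return {"arch": "x64" if machine == 0x8664 else f"machine 0x{machine:x}",
            "file_characteristics": decode(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode(dll_chars, DLL_CHARACTERISTICS),
            "sections": sections}


def mitigation_report(info):
    """Exploit mitigations the image opts into, derived from the decoded header flags."""
    d, f = set(info["dll_characteristics"]), set(info["file_characteristics"])
    return {
        "aslr": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in d and "IMAGE_FILE_RELOCS_STRIPPED" not in f,
        "high_entropy_aslr": "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA" in d
                             and "IMAGE_FILE_LARGE_ADDRESS_AWARE" in f,
        "dep": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in d,
        "cfg": "IMAGE_DLLCHARACTERISTICS_GUARD_CF" in d,
    }


def writable_executable_sections(info):
    """Section names mapped both writable and executable (a classic packer/self-modifying-code tell)."""
    return [s["name"] for s in info["sections"]
            if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"])]


# Constructed sample mirroring the report's flags; sizes are placeholders, not the real file's.
SAMPLE = build_pe64(0x0022, 0x8160, [
    (".text",  0x260000, 0x001000, 0x260000, 0x000400, 0x60000020),
    (".rdata", 0x0A7400, 0x261000, 0x0A7600, 0x260400, 0x40000040),
    (".data",  0x14C000, 0x309000, 0x14C000, 0x307A00, 0xC0000040),
    (".pdata", 0x01AC00, 0x455000, 0x01B000, 0x453A00, 0x40000040),
    (".reloc", 0x002800, 0x470000, 0x002C00, 0x46EA00, 0x42000040),
])

if __name__ == "__main__":
    info = parse_pe(SAMPLE)
    print(info["arch"], info["file_characteristics"], info["dll_characteristics"])
    print(mitigation_report(info), "W+X sections:", writable_executable_sections(info))
```

To run it against the real file, replace SAMPLE with open("TZX.exe", "rb").read(); the decoded DllCharacteristics list should then read exactly as the Headers block above.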