eW91bmdhb3M=-1[.]zip

Resubmissions

20/02/2024, 23:08

240220-24xq8agb7s 7

20/02/2024, 22:32

240220-2f2ehagd55 7

Sharing

Copy URL Twitter E-mail

General

Target

eW91bmdhb3M=-1.zip
Size

30.2MB
MD5

2ab1e94196184529502725e95f7ae2bf
SHA1

79fd87a88a58771681f0702b625b752c8e1b223f
SHA256

8d8e93fb4b15cf7a6dd984af6a816771ccb9f1fe8677723398623bcc87eb1b0e
SHA512

2e2143bbc17e335c30b1a516a6c620baa1ea32b5479151235a11fa3df3f40f30a8bf67a82c2c746c4a89b19d460a065f40581e1669e21aaa7d9c14fd7a412c05
SSDEEP

786432:T1oKP6lzwLJJDkS2JswBQS5I4iljsSU1Ek6:Scm8LJdA7QWrWhUek6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eW91bmdhb3M=-1.exe

Files

eW91bmdhb3M=-1.zip
.zip

Password: 888
EsqueleSquad.url
EsqueleStealer.txt
EsqueleStealer.url
File.txt
Social.txt
eW91bmdhb3M=-1.exe
.exe windows:6 windows x64 arch:x64

Password: 888

4ece0d60c8a16fb75dc4f9061205c7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\a\deno\deno\target\release\deps\deno.pdb

Imports

ntdll

RtlGetVersion
RtlCaptureStackBackTrace
RtlUnwindEx
RtlAddFunctionTable
VerSetConditionMask
RtlVirtualUnwind
RtlDeleteFunctionTable
RtlUnwind
RtlCaptureContext
RtlLookupFunctionEntry
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlPcToFileHeader

iphlpapi

GetAdaptersAddresses

kernel32

IsValidCodePage
SetLastError
GetFullPathNameW
GetLastError
GetStdHandle
UnlockFile
CloseHandle
DeviceIoControl
FreeEnvironmentStringsW
GetExitCodeProcess
GetConsoleScreenBufferInfo
HeapReAlloc
CreateFileA
SetStdHandle
GetHandleInformation
AddVectoredExceptionHandler
SetThreadStackGuarantee
HeapAlloc
GetProcessHeap
HeapFree
GetConsoleMode
SetConsoleTextAttribute
GetFileInformationByHandleEx
AcquireSRWLockShared
ReleaseSRWLockShared
WakeAllConditionVariable
SleepConditionVariableSRW
GlobalUnlock
GetStringTypeW
Sleep
GetProcAddress
CreateFileW
GetFileInformationByHandle
SetCurrentDirectoryW
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentProcessId
GetLocaleInfoW
WriteConsoleInputW
PeekConsoleInputW
FlushConsoleInputBuffer
TerminateProcess
LCMapStringW
GlobalMemoryStatusEx
GetTickCount64
CompareStringW
CreateToolhelp32Snapshot
Process32First
Process32Next
SetThreadErrorMode
LoadLibraryExW
FreeLibrary
SetErrorMode
LoadLibraryW
FormatMessageW
GetTimeFormatW
GetDateFormatW
TryAcquireSRWLockShared
SetFileTime
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
GetFileType
UnmapViewOfFile
GetSystemInfo
VirtualProtect
CreateFileMappingW
MapViewOfFile
TryAcquireSRWLockExclusive
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
FlsFree
GetCommandLineA
GetCPInfo
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
EncodePointer
InterlockedPushEntrySList
GetStartupInfoW
WaitForSingleObjectEx
CreateSemaphoreW
CancelIo
ReadDirectoryChangesW
ReleaseSemaphore
CreatePipe
GetModuleHandleA
GetOEMCP
WakeConditionVariable
GetConsoleCursorInfo
SetConsoleCursorInfo
InitializeSListHead
SetEvent
GlobalLock
GlobalSize
WideCharToMultiByte
ReadConsoleInputW
WriteConsoleW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
lstrlenW
GetNumberFormatEx
VirtualQuery
IsThreadAFiber
ConvertThreadToFiber
CreateFiber
SwitchToFiber
DeleteFiber
GetACP
GetCurrentThread
GetCurrentDirectoryW
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
GetEnvironmentStringsW
GetModuleHandleW
SetEnvironmentVariableW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
FlushFileBuffers
SetFileInformationByHandle
GetFinalPathNameByHandleW
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
FindClose
ReadConsoleW
IsProcessorFeaturePresent
GetCurrencyFormatEx
UnhandledExceptionFilter
SetHandleInformation
RaiseException
ResolveLocaleName
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetOverlappedResult
CreateEventW
ReadFile
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
DeleteFileW
MoveFileExW
RemoveDirectoryW
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
CopyFileExW
RegisterWaitForSingleObject
UnregisterWaitEx
GetProcessId
PostQueuedCompletionStatus
SetConsoleCtrlHandler
FileTimeToSystemTime
VirtualAlloc
VirtualFree
GetTickCount
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LocalFree
HeapDestroy
HeapCompact
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetLocaleInfoEx
IsDebuggerPresent
ResumeThread
GetTimeZoneInformation
GetTempFileNameA
VerifyVersionInfoW
MapViewOfFileEx
CreateWaitableTimerExW
SetWaitableTimer
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
SystemTimeToTzSpecificLocalTime
GetDateFormatEx
GetTimeFormatEx
ResetEvent
InitOnceExecuteOnce
FlsAlloc
FlsGetValue
FlsSetValue
SetUnhandledExceptionFilter
GetNumberOfConsoleInputEvents
WaitForMultipleObjects
SetConsoleCursorPosition
WaitForSingleObject
OpenProcess
LockFileEx
SetConsoleMode
DuplicateHandle
ConvertFiberToThread
GetNativeSystemInfo
GetDynamicTimeZoneInformation
GetUserGeoID
GetGeoInfoW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
CreateSemaphoreA
InitializeConditionVariable
SuspendThread
GetThreadContext
FindFirstFileExW

crypt32

CertCloseStore
CertGetEnhancedKeyUsage
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

advapi32

LookupPrivilegeValueW
EventWriteTransfer
RegQueryInfoKeyW
EventSetInformation
EventRegister
RegCloseKey
AdjustTokenPrivileges
SystemFunction036
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken

user32

MapVirtualKeyW
GetClipboardData
CloseClipboard
OpenClipboard

ws2_32

recvfrom
sendto
send
recv
getsockopt
WSASocketW
connect
accept
socket
WSAIoctl
getaddrinfo
WSACleanup
WSAStartup
GetHostNameW
getpeername
ioctlsocket
listen
bind
WSAGetLastError
setsockopt
closesocket
getsockname
WSASend
shutdown
freeaddrinfo

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

bcrypt

BCryptGenRandom

dbghelp

SymSetOptions
SymSetSearchPathW
SymGetSearchPathW
SymGetModuleBase64
SymFunctionTableAccess64
StackWalk64
SymFromAddr
SymInitialize
SymGetLineFromAddr64

psapi

GetProcessMemoryInfo
GetPerformanceInfo

Exports

Exports

CrashForExceptionInNonABICompliantCodeRange
napi_acquire_threadsafe_function
napi_add_env_cleanup_hook
napi_add_finalizer
napi_adjust_external_memory
napi_async_destroy
napi_async_init
napi_call_function
napi_call_threadsafe_function
napi_cancel_async_work
napi_close_callback_scope
napi_close_escapable_handle_scope
napi_close_handle_scope
napi_coerce_to_bool
napi_coerce_to_number
napi_coerce_to_object
napi_coerce_to_string
napi_create_array
napi_create_array_with_length
napi_create_arraybuffer
napi_create_async_work
napi_create_bigint_int64
napi_create_bigint_uint64
napi_create_bigint_words
napi_create_buffer
napi_create_buffer_copy
napi_create_dataview
napi_create_date
napi_create_double
napi_create_error
napi_create_external
napi_create_external_arraybuffer
napi_create_external_buffer
napi_create_function
napi_create_int32
napi_create_int64
napi_create_object
napi_create_promise
napi_create_range_error
napi_create_reference
napi_create_string_latin1
napi_create_string_utf16
napi_create_string_utf8
napi_create_symbol
napi_create_threadsafe_function
napi_create_type_error
napi_create_typedarray
napi_create_uint32
napi_define_class
napi_define_properties
napi_delete_async_work
napi_delete_element
napi_delete_property
napi_delete_reference
napi_detach_arraybuffer
napi_escape_handle
napi_fatal_error
napi_fatal_exception
napi_get_all_property_names
napi_get_and_clear_last_exception
napi_get_array_length
napi_get_arraybuffer_info
napi_get_boolean
napi_get_buffer_info
napi_get_cb_info
napi_get_dataview_info
napi_get_date_value
napi_get_element
napi_get_global
napi_get_instance_data
napi_get_last_error_info
napi_get_named_property
napi_get_new_target
napi_get_node_version
napi_get_null
napi_get_property
napi_get_property_names
napi_get_prototype
napi_get_reference_value
napi_get_threadsafe_function_context
napi_get_typedarray_info
napi_get_undefined
napi_get_uv_event_loop
napi_get_value_bigint_int64
napi_get_value_bigint_uint64
napi_get_value_bigint_words
napi_get_value_bool
napi_get_value_double
napi_get_value_external
napi_get_value_int32
napi_get_value_int64
napi_get_value_string_latin1
napi_get_value_string_utf16
napi_get_value_string_utf8
napi_get_value_uint32
napi_get_version
napi_has_element
napi_has_named_property
napi_has_own_property
napi_has_property
napi_instanceof
napi_is_array
napi_is_arraybuffer
napi_is_buffer
napi_is_dataview
napi_is_date
napi_is_detached_arraybuffer
napi_is_error
napi_is_exception_pending
napi_is_promise
napi_is_typedarray
napi_make_callback
napi_module_register
napi_new_instance
napi_object_freeze
napi_object_seal
napi_open_callback_scope
napi_open_escapable_handle_scope
napi_open_handle_scope
napi_queue_async_work
napi_ref_threadsafe_function
napi_reference_ref
napi_reference_unref
napi_reject_deferred
napi_release_threadsafe_function
napi_remove_env_cleanup_hook
napi_remove_wrap
napi_resolve_deferred
napi_run_script
napi_set_element
napi_set_instance_data
napi_set_named_property
napi_set_property
napi_strict_equals
napi_throw
napi_throw_error
napi_throw_range_error
napi_throw_type_error
napi_typeof
napi_unref_threadsafe_function
napi_unwrap
napi_wrap
node_api_create_syntax_error
node_api_get_module_file_name
node_api_throw_syntax_error

Sections

.text
Size: 40.5MB - Virtual size: 40.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30.6MB - Virtual size: 30.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 888

Password: 888

4ece0d60c8a16fb75dc4f9061205c7fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

iphlpapi

kernel32

crypt32

shell32

ole32

advapi32

user32

ws2_32

winmm

bcrypt

dbghelp

psapi

Exports

Exports

Sections

.text Size: 40.5MB - Virtual size: 40.5MB

.rdata Size: 30.6MB - Virtual size: 30.6MB

.data Size: 188KB - Virtual size: 323KB

.pdata Size: 1.8MB - Virtual size: 1.8MB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 185KB - Virtual size: 184KB

.text
Size: 40.5MB - Virtual size: 40.5MB

.rdata
Size: 30.6MB - Virtual size: 30.6MB

.data
Size: 188KB - Virtual size: 323KB

.pdata
Size: 1.8MB - Virtual size: 1.8MB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 185KB - Virtual size: 184KB