eW91bmdhb3M=-1 (2)[.]zip

Resubmissions

11/04/2024, 15:58

240411-tezkhseh92 7

20/02/2024, 15:38

240220-s3jcrsbd63 7

Sharing

Copy URL Twitter E-mail

General

Target

eW91bmdhb3M=-1 (2).zip
Size

15.3MB
MD5

3d9d5203a23ae4b1e6b55a0b4c0fedad
SHA1

32d1b9fe3ca1b4c221c92ef42a0ad5ce5f22a260
SHA256

fa5781b59ed831394f104ffeac89e5cdbda8eabf16a08261c65fe341819ad39c
SHA512

13b61ef98092e9ad37de03020298fc8d5db2ded748c913223cd75774e2a2313ae522c71ad2c8c40b208e1a10a64a2c71d73c94099bbf4a4f2bbfc874012dbe47
SSDEEP

393216:ps37w/zrhOGXf3SCOnJcaW5HAeBXdoCeCJC4ti4GyFFa/pPqDPuh:pYQzrJ3Sp3WqihLJrcyFFaMD2h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eW91bmdhb3M=-1.exe

Files

eW91bmdhb3M=-1 (2).zip
.zip

Password: 5656
EsqueleSquad.url
EsqueleStealer.txt
EsqueleStealer.url
File.txt
Social.txt
eW91bmdhb3M=-1.exe
.exe windows:6 windows x64 arch:x64

Password: 5656

ff402746ae82e4cc8224b9f9a6640838

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\deno\deno\target\release\deps\deno.pdb

Imports

iphlpapi

GetAdaptersAddresses

ntdll

NtCancelIoFileEx
RtlUnwindEx
RtlNtStatusToDosError
RtlPcToFileHeader
NtDeviceIoControlFile
RtlCaptureStackBackTrace
RtlDeleteFunctionTable
RtlAddFunctionTable
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
RtlUnwind

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

dbghelp

SymGetModuleBase64
SymSetOptions
SymInitialize
SymGetLineFromAddr64
SymFromAddr
SymGetSearchPathW
SymFunctionTableAccess64
StackWalk64
SymSetSearchPathW

kernel32

GetACP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
FindFirstFileExW
SetStdHandle
SetEndOfFile
GetOEMCP
GetStringTypeW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineA
GetCPInfo
FreeLibraryAndExitThread
SwitchToThread
SetConsoleMode
CloseHandle
LeaveCriticalSection
SetConsoleCursorPosition
lstrlenW
WaitForSingleObject
GetLastError
GetExitCodeProcess
GetCurrentProcessId
GetCommandLineW
GetProcessHeap
HeapFree
AddVectoredExceptionHandler
HeapAlloc
HeapReAlloc
GetStdHandle
GetFileInformationByHandleEx
GetConsoleMode
EnterCriticalSection
Sleep
DeviceIoControl
CreateHardLinkW
ReadFile
TerminateProcess
FreeLibrary
RegisterWaitForSingleObject
OpenProcess
SetEnvironmentVariableW
SetCurrentDirectoryW
SetErrorMode
SetThreadErrorMode
LoadLibraryW
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleScreenBufferInfo
GetProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
SetFileTime
GetOverlappedResult
WriteFile
CancelIoEx
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WaitForSingleObjectEx
CreateFileW
CreateSemaphoreW
ReadDirectoryChangesW
ReleaseSemaphore
CancelIo
GetSystemInfo
GetModuleHandleA
SetFileInformationByHandle
SetHandleInformation
GetConsoleCursorInfo
SetConsoleCursorInfo
ReadConsoleInputW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandle
TlsGetValue
TlsSetValue
DeleteCriticalSection
GetModuleHandleW
SetLastError
GetEnvironmentVariableW
WriteConsoleW
InitializeCriticalSection
GetCurrentProcess
GetCurrentThread
ReleaseMutex
GetCurrentDirectoryW
LoadLibraryA
CreateMutexA
TlsAlloc
FormatMessageW
GetTempPathW
GetModuleFileNameW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
FindNextFileW
CreateDirectoryW
ReadConsoleW
TryEnterCriticalSection
FindFirstFileW
CreateProcessW
CreateNamedPipeW
CreateEventW
WaitForMultipleObjects
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
FindClose
DeleteFileW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
CopyFileExW
CreateThread
GetFinalPathNameByHandleW
UnregisterWaitEx
SetConsoleTextAttribute
GetSystemTimes
GlobalMemoryStatusEx
GetVersionExA
GetTimeZoneInformation
WideCharToMultiByte
GetThreadTimes
GetCurrentThreadId
DeleteFileA
GetTempPathA
GetTempFileNameA
GetFileType
OutputDebugStringA
VerifyVersionInfoW
VirtualAlloc
VirtualFree
IsDebuggerPresent
TlsFree
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
VirtualProtect
LoadLibraryExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
SetUnhandledExceptionFilter
GetNativeSystemInfo
InitializeConditionVariable
OpenThread
SuspendThread
GetThreadContext
ResumeThread
CreateSemaphoreA
ExitThread
GetModuleHandleExW
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

ws2_32

getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recvfrom
setsockopt
recv
send
shutdown
WSASend
sendto
getpeername
WSASocketW
getsockname
getsockopt
connect
accept
ioctlsocket
socket
WSAIoctl
WSAGetLastError
listen
bind
closesocket

winmm

timeGetTime

Exports

Exports

CrashForExceptionInNonABICompliantCodeRange

Sections

.text
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 5656

Password: 5656

ff402746ae82e4cc8224b9f9a6640838

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ntdll

bcrypt

advapi32

dbghelp

kernel32

ole32

shell32

ws2_32

winmm

Exports

Exports

Sections

.text Size: 22.1MB - Virtual size: 22.1MB

.rdata Size: 10.5MB - Virtual size: 10.5MB

.data Size: 81KB - Virtual size: 203KB

.pdata Size: 880KB - Virtual size: 879KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 129KB - Virtual size: 129KB

.text
Size: 22.1MB - Virtual size: 22.1MB

.rdata
Size: 10.5MB - Virtual size: 10.5MB

.data
Size: 81KB - Virtual size: 203KB

.pdata
Size: 880KB - Virtual size: 879KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 129KB - Virtual size: 129KB