eW91bmdhb3M=-1 (14)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

eW91bmdhb3M=-1 (14).zip
Size

15.3MB
MD5

21e3d8758005f814ad4949cbf5248da2
SHA1

36abed0c5ea006c11595c8ca15ae41bfe5105f7f
SHA256

a74ee32af2cfd9b4d813a31176785ac9d20f9a03a57794414e08cbe7f492439a
SHA512

2ab86982643a6f2eb97925f5f822452661365e3586938c9d2edc7929e54a2b55ee41e90bb658774306ff63696b77b9a9ac816ebee5e3728b99520969e0bef952
SSDEEP

393216:yt1M+KF5sJW7s1adH/UpN+GStEEKdbddoCeCJC4ti4GyFFa/pPqDP/:oM+KLswdfUp0tmlLJrcyFFaMDX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eW91bmdhb3M=-1.exe

Files

eW91bmdhb3M=-1 (14).zip
.zip

Password: 44
EsqueleSquad.url
EsqueleStealer.txt
EsqueleStealer.url
File.txt
Social.txt
eW91bmdhb3M=-1.exe
.exe windows:6 windows x64 arch:x64

Password: 44

ff402746ae82e4cc8224b9f9a6640838

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\deno\deno\target\release\deps\deno.pdb

Imports

iphlpapi

GetAdaptersAddresses

ntdll

NtCancelIoFileEx
RtlUnwindEx
RtlNtStatusToDosError
RtlPcToFileHeader
NtDeviceIoControlFile
RtlCaptureStackBackTrace
RtlDeleteFunctionTable
RtlAddFunctionTable
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
RtlUnwind

bcrypt

BCryptGenRandom

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

dbghelp

SymGetModuleBase64
SymSetOptions
SymInitialize
SymGetLineFromAddr64
SymFromAddr
SymGetSearchPathW
SymFunctionTableAccess64
StackWalk64
SymSetSearchPathW

kernel32

GetACP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
FindFirstFileExW
SetStdHandle
SetEndOfFile
GetOEMCP
GetStringTypeW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineA
GetCPInfo
FreeLibraryAndExitThread
SwitchToThread
SetConsoleMode
CloseHandle
LeaveCriticalSection
SetConsoleCursorPosition
lstrlenW
WaitForSingleObject
GetLastError
GetExitCodeProcess
GetCurrentProcessId
GetCommandLineW
GetProcessHeap
HeapFree
AddVectoredExceptionHandler
HeapAlloc
HeapReAlloc
GetStdHandle
GetFileInformationByHandleEx
GetConsoleMode
EnterCriticalSection
Sleep
DeviceIoControl
CreateHardLinkW
ReadFile
TerminateProcess
FreeLibrary
RegisterWaitForSingleObject
OpenProcess
SetEnvironmentVariableW
SetCurrentDirectoryW
SetErrorMode
SetThreadErrorMode
LoadLibraryW
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleScreenBufferInfo
GetProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
SetFileTime
GetOverlappedResult
WriteFile
CancelIoEx
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WaitForSingleObjectEx
CreateFileW
CreateSemaphoreW
ReadDirectoryChangesW
ReleaseSemaphore
CancelIo
GetSystemInfo
GetModuleHandleA
SetFileInformationByHandle
SetHandleInformation
GetConsoleCursorInfo
SetConsoleCursorInfo
ReadConsoleInputW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandle
TlsGetValue
TlsSetValue
DeleteCriticalSection
GetModuleHandleW
SetLastError
GetEnvironmentVariableW
WriteConsoleW
InitializeCriticalSection
GetCurrentProcess
GetCurrentThread
ReleaseMutex
GetCurrentDirectoryW
LoadLibraryA
CreateMutexA
TlsAlloc
FormatMessageW
GetTempPathW
GetModuleFileNameW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
FindNextFileW
CreateDirectoryW
ReadConsoleW
TryEnterCriticalSection
FindFirstFileW
CreateProcessW
CreateNamedPipeW
CreateEventW
WaitForMultipleObjects
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
FindClose
DeleteFileW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
CopyFileExW
CreateThread
GetFinalPathNameByHandleW
UnregisterWaitEx
SetConsoleTextAttribute
GetSystemTimes
GlobalMemoryStatusEx
GetVersionExA
GetTimeZoneInformation
WideCharToMultiByte
GetThreadTimes
GetCurrentThreadId
DeleteFileA
GetTempPathA
GetTempFileNameA
GetFileType
OutputDebugStringA
VerifyVersionInfoW
VirtualAlloc
VirtualFree
IsDebuggerPresent
TlsFree
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
VirtualProtect
LoadLibraryExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
SetUnhandledExceptionFilter
GetNativeSystemInfo
InitializeConditionVariable
OpenThread
SuspendThread
GetThreadContext
ResumeThread
CreateSemaphoreA
ExitThread
GetModuleHandleExW
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

ws2_32

getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recvfrom
setsockopt
recv
send
shutdown
WSASend
sendto
getpeername
WSASocketW
getsockname
getsockopt
connect
accept
ioctlsocket
socket
WSAIoctl
WSAGetLastError
listen
bind
closesocket

winmm

timeGetTime

Exports

Exports

CrashForExceptionInNonABICompliantCodeRange

Sections

.text
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 880KB - Virtual size: 879KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 44

Password: 44

ff402746ae82e4cc8224b9f9a6640838

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ntdll

bcrypt

advapi32

dbghelp

kernel32

ole32

shell32

ws2_32

winmm

Exports

Exports

Sections

.text Size: 22.1MB - Virtual size: 22.1MB

.rdata Size: 10.5MB - Virtual size: 10.5MB

.data Size: 81KB - Virtual size: 203KB

.pdata Size: 880KB - Virtual size: 879KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 129KB - Virtual size: 129KB

.text
Size: 22.1MB - Virtual size: 22.1MB

.rdata
Size: 10.5MB - Virtual size: 10.5MB

.data
Size: 81KB - Virtual size: 203KB

.pdata
Size: 880KB - Virtual size: 879KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 129KB - Virtual size: 129KB