zcb3[.]exe | Triage

Resubmissions

21/02/2024, 05:29

240221-f6vhzsce64 3

21/02/2024, 05:24

240221-f3svzsca6z 6

Sharing

Copy URL Twitter E-mail

General

Target

zcb3.exe
Size

10.4MB
MD5

0c7eac30818090471ae7495f05cbc63f
SHA1

3e4d4919c92ac9f5a53e585e436228592401f805
SHA256

bf0bf07f6b0a3e9255eb73807768a0165a7dd2c08e2a4de6d353d1573183cfd3
SHA512

4196592dfeb90525e54e7102209e2c1e0e795be1fc51016636eba2ac6ecc281169dc60d56f8ac1462c3397f2cc05cb40a4f900a05d999f1b1b55af84e115db17
SSDEEP

98304:tPmTcw3OCoBzJWwKvg14X6PPIPNLqinykT573APYqjboPW++MLsa:Aq55P1GQYqaWa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
zcb3.exe

Files

zcb3.exe
.exe windows:6 windows x64 arch:x64

6acc79c4f38935e8a1111e43d76c143a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ReleaseSRWLockExclusive
GetCurrentThreadId
FindNextFileW
UnhandledExceptionFilter
SwitchToThread
FindClose
GetProcAddress
SetUnhandledExceptionFilter
AcquireSRWLockShared
WakeAllConditionVariable
SetThreadStackGuarantee
AddVectoredExceptionHandler
FreeConsole
SetFilePointerEx
GetLastError
QueryPerformanceCounter
AcquireSRWLockExclusive
GlobalLock
GlobalSize
GlobalUnlock
HeapReAlloc
MultiByteToWideChar
GlobalAlloc
WaitForSingleObject
IsProcessorFeaturePresent
GlobalFree
GetConsoleScreenBufferInfo
GetStdHandle
CloseHandle
HeapAlloc
GetProcessHeap
GetConsoleMode
InitializeSListHead
SetConsoleMode
ReleaseSRWLockShared
SetConsoleTextAttribute
GetFileType
TryAcquireSRWLockExclusive
FreeLibrary
SetThreadErrorMode
LoadLibraryExW
LoadLibraryW
CopyFileExW
MoveFileExW
GetSystemTimeAsFileTime
WriteFileEx
SleepEx
GetSystemInfo
Sleep
GetModuleHandleA
IsDebuggerPresent
HeapFree
SleepConditionVariableSRW
WakeConditionVariable
ReadFileEx
CreateThread
CreateNamedPipeW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
GetModuleFileNameW
GetCommandLineW
InitializeProcThreadAttributeList
DeleteFileW
LocalFree
CreateProcessA
ExitProcess
CreateFileW
GetCurrentProcess
DuplicateHandle
SetLastError
GetFinalPathNameByHandleW
GetCurrentThread
GetFileAttributesW
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
GetEnvironmentVariableW
GetTempPathW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
CreateProcessW
GetWindowsDirectoryW
GetSystemDirectoryW
CompareStringOrdinal
FreeEnvironmentStringsW
SetHandleInformation
GetEnvironmentStringsW
TerminateProcess

ntdll

RtlNtStatusToDosError
NtWriteFile
NtReadFile

user32

GetSystemMenu
EnableMenuItem
GetWindowLongW
AdjustWindowRectEx
GetClipCursor
SetWindowLongW
ShowCursor
DestroyIcon
GetClassNameW
RemovePropW
GetClassInfoExW
ClipCursor
ToUnicodeEx
FlashWindowEx
GetForegroundWindow
SetWindowTextW
GetKeyboardLayout
MapVirtualKeyExW
SetCursorPos
GetWindowTextW
CreateIcon
OpenClipboard
PostMessageW
RegisterWindowMessageA
GetWindowRect
SetClipboardData
EmptyClipboard
SystemParametersInfoA
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
ValidateRect
GetRawInputData
DispatchMessageW
TranslateMessage
KillTimer
SetTimer
GetMessageW
RegisterRawInputDevices
SetPropW
CallWindowProcW
GetPropW
EnumDisplayMonitors
GetCursorPos
CloseTouchInputHandle
ScreenToClient
GetTouchInputInfo
TrackMouseEvent
ReleaseCapture
SetCapture
MonitorFromRect
SetCursor
LoadCursorW
DestroyWindow
GetMenu
ShowWindow
SetWindowPlacement
GetWindowPlacement
ChangeDisplaySettingsExW
GetMonitorInfoW
RedrawWindow
IsProcessDPIAware
GetKeyboardState
InvalidateRgn
SetWindowPos
SetForegroundWindow
SendInput
MapVirtualKeyW
MonitorFromWindow
GetKeyState
GetAsyncKeyState
ClientToScreen
SetWindowLongPtrW
RegisterTouchWindow
SetWindowDisplayAffinity
PeekMessageW
DefWindowProcW
CreateWindowExW
RegisterClassExW
MonitorFromPoint
GetDC
GetWindowLongPtrW
CreateIconFromResourceEx
IsIconic
GetClientRect
SendMessageW
GetSystemMetrics
GetActiveWindow
ReleaseDC
GetWindowTextLengthW

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
SysStringLen
SysAllocStringLen
GetErrorInfo
SetErrorInfo

uiautomationcore

UiaHostProviderFromHwnd
UiaRaiseAutomationPropertyChangedEvent
UiaLookupId
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaGetReservedNotSupportedValue

opengl32

wglGetCurrentDC
wglCreateContext
wglShareLists
wglGetCurrentContext
wglMakeCurrent
wglGetProcAddress
wglDeleteContext

gdi32

DeleteObject
ChoosePixelFormat
SwapBuffers
GetDeviceCaps
SetPixelFormat
CreateRectRgn
DescribePixelFormat

dwmapi

DwmEnableBlurBehindWindow

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
ImmAssociateContextEx

ole32

OleInitialize
CoTaskMemFree
CoInitializeEx
RegisterDragDrop
CoUninitialize
CoCreateInstance
RevokeDragDrop

shlwapi

AssocQueryStringW

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

shell32

SHCreateItemFromParsingName
CommandLineToArgvW
DragFinish
DragQueryFileW

ws2_32

setsockopt
select
connect
ioctlsocket
freeaddrinfo
getaddrinfo
WSAGetLastError
WSAStartup
WSACleanup
WSASocketW
closesocket
send
WSADuplicateSocketW
getsockname
getpeername
WSASend
WSARecv
recv
getsockopt

uxtheme

SetWindowTheme

vcruntime140

memmove
__current_exception_context
__CxxFrameHandler3
memcpy
memset
memcmp
_CxxThrowException
__C_specific_handler
__current_exception

api-ms-win-crt-math-l1-1-0

fmod
log
pow
round
asin
cos
floorf
roundf
log1p
ceilf
trunc
powf
ceil
acos
cosh
tanh
sin
atan
_hypot
sinh
log2
log10
sinf
_hypotf
cosf
atan2f
truncf
tan
fmodf
expf
acosf
cbrtf
exp2f
floor
exp2
__setusermatherr

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-convert-l1-1-0

_wtoi64

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_register_onexit_function
_crt_atexit
_configure_narrow_argv
_set_app_type
_exit
_seh_filter_exe
_initialize_onexit_table
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

6acc79c4f38935e8a1111e43d76c143a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

user32

oleaut32

uiautomationcore

opengl32

gdi32

dwmapi

imm32

ole32

shlwapi

bcrypt

advapi32

shell32

ws2_32

uxtheme

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.rdata Size: 3.4MB - Virtual size: 3.4MB

.data Size: 4KB - Virtual size: 584KB

.pdata Size: 191KB - Virtual size: 191KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.rdata
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 4KB - Virtual size: 584KB

.pdata
Size: 191KB - Virtual size: 191KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 29KB - Virtual size: 29KB